Wireshark mailing list archives

Wireshark 3.2 SOME/IP Dissector Payload interpretation


From: "Peimann, Jannis" <jannis.peimann () continental-corporation com>
Date: Mon, 17 Feb 2020 12:45:50 +0000

Hello Wireshark Dev Team,

I want to use the new integrated SOME/IP Dissector in Wireshark.
Unfortunately I am not able to find any documentation for Wireshark SOME/IP payload configuration.
I know that Dr. Lars Voelker wrote this dissector and I’ve already read the protocol documentation from his website 
(some-ip.com) and tried to analyze his source code (packet-someip.c and packet-someip.h).

To manually dissect the payload is not a problem for me, but I am not able to do it in Wireshark.
I want to use his dissector for a company project and write my own script that creates the Wireshark config files for 
his dissector.
We use ARXML files, I want to extract the information from them and then create the Wireshark configs for SOME/IP.
But at the beginning I want to do it manually.

I saw that he has a SOME/IP Fibex4 to Wireshark config dissector on his GitHub account 
(https://github.com/LarsVoelker/FibexConverter).
Unfortunately we do not have any SOME/IP Fibex files and the Fibex4 (ASAM MCD-2 NET Standard) is not accessible for 
free.
Maybe you could provide us with an example Fibex4 SOME/IP file? That would be great, so we could create a Wireshark 
configuration with his script and do some reverse engineering.

My problem:
If I go to the Wireshark Settings for the SOME/IP Protocol I have plenty of possibilities to dissect my payload.
Setting up my UDP Ports, SOME/IP Services and SOME/IP Methods is not a problem and already working.
But I am stuck with payload dissection. I don't know how to correctly configure the SOME/IP Parameter.


Example:
Service ID: 0x8888 (TestService)
Method ID: 0xaaaa (method_a) or 0xbbbb (method_b)
SOME/IP Version: 0x01
Interface Version: 0x01
Message Type: 0x02 (Notification)
Return Code: 0x00 (Ok)

Example Payload:
00 00 00 22 00 00 00 1e 20 00 00 00 00 01 00 01 01 00 02 01 00 03 01 00 04 01 00 05 01 00 06 01 20 07 00 00 00 1f

Example Analysis:
[image not included in the archive]

What I want to see for the payload:
[image not included in the archive]

Error messages I get for the example:
[image not included in the archive]

My settings for SOME/IP in Wireshark->Settings:
Set UDP Ports accordingly
Set SOME/IP Services
Set SOME/IP Methods
Check box for Dissect Payload

SOME/IP parameter List:
Service ID: 8888
Method ID: bbbb
Version: 1
Message Type: 2
Number of Parameter: 8
Parameter Position: 0
Parameter Name: property_a
Parameter Type: 4
ID Reference: 1

SOME/IP Parameter Structs:
ID: 1
Struct Name: struct_a
Length of Length Field: 32
Pad to: 0
Number of Items: 1
Parameter Position: 0
Parameter Name: test_a
Parameter Type: 4
ID Reference: 2

If you want to simulate it, you can use Scapy for Windows like me:
from scapy.all import *  # already in scope inside the interactive Scapy shell
load_contrib("automotive.someip")  # makes the SOMEIP layer available
u = UDP(sport=30509, dport=30509)
i = IP(src="192.168.0.13", dst="192.168.0.10")
sip = SOMEIP()
sip.iface_ver = 1
sip.proto_ver = 1
sip.msg_type = "NOTIFICATION"
sip.retcode = "E_OK"
sip.srv_id = 0x8888
sip.method_id = 0xbbbb
# Example payload as a bytes literal (plain ASCII quotes instead of typographic ones)
sip.add_payload(b'\x00\x00\x00\x22\x00\x00\x00\x1e\x20\x00\x00\x00\x00\x01\x00\x01\x01\x00\x02\x01\x00\x03\x01\x00\x04\x01\x00\x05\x01\x00\x06\x01\x20\x07\x00\x00\x00\x1f')
p = i/u/sip
send(p)


It would be great if you could give me any hints to solve that problem.
Thanks in advance for your help.


Best regards,

Jannis Peimann

Dual Student Technical Informatics
VNI CE EU WET HR
