Hello Wireshark Dev Team,

I want to use the new integrated SOME/IP dissector in Wireshark. Unfortunately I am not able to find any documentation for the Wireshark SOME/IP payload configuration. I know that Dr. Lars Voelker wrote this dissector, and I’ve already read the protocol documentation from his website (some-ip.com) and tried to analyze his source code (packet-someip.c and packet-someip.h). Manually dissecting the payload is not a problem for me, but I am not able to do it in Wireshark.

I want to use his dissector for a company project and write my own script that creates the Wireshark config files for his dissector. We use ARXML files; I want to extract the information from them and then create the Wireshark configs for SOME/IP. But at the beginning I want to do it manually.

I saw that he has a SOME/IP Fibex4 to Wireshark config converter on his GitHub account (https://github.com/LarsVoelker/FibexConverter). Unfortunately we do not have any SOME/IP Fibex files, and Fibex4 (the ASAM MCD-2 NET standard) is not accessible for free. Maybe you could provide us with an example Fibex4 SOME/IP file; that would be great, so we could create a Wireshark configuration with his script and do some reverse engineering.

My problem: If I go to the Wireshark settings for the SOME/IP protocol, I have plenty of possibilities to dissect my payload. Setting up my UDP ports, SOME/IP services and SOME/IP methods is not a problem and is already working. But I am stuck with payload dissection. I don't know how to correctly configure the SOME/IP parameters.

Example:

Service ID: 0x8888 (TestService)
Method ID: 0xaaaa (method_a) or 0xbbbb (method_b)
SOME/IP Version: 0x01
Interface Version: 0x01
Message Type: 0x02 (Notification)
Return Code: 0x00 (Ok)

Example Payload:

00 00 00 22 00 00 00 1e 20 00 00 00 00 01 00 01 01 00 02 01 00 03 01 00 04 01 00 05 01 00 06 01 20 07 00 00 00 1f

Example Analysis:

What I want to see for the payload:

Error messages I get for the example:

My settings for SOME/IP in Wireshark->Settings:

- Set UDP Ports accordingly
- Set SOME/IP Services
- Set SOME/IP Methods
- Check box for Dissect Payload

SOME/IP parameter List:

Service ID: 8888
Method ID: bbbb
Version: 1
Message Type: 2
Number of Parameter: 8
Parameter Position: 0
Parameter Name: property_a
Parameter Type: 4
ID Reference: 1

SOME/IP Parameter Structs:

ID: 1
Struct Name: struct_a
Length of Length Field: 32
Pad to: 0
Number of Items: 1
Parameter Position: 0
Parameter Name: test_a
Parameter Type: 4
ID Reference: 2

If you want to simulate it, you can use Scapy for Windows like me:

    # Needed when run as a script; the Scapy shell already provides these names
    from scapy.all import *

    load_contrib("automotive.someip")

    u = UDP(sport=30509, dport=30509)
    # Source address is empty in the original post
    i = IP(src="", dst="192.168.0.10")

    sip = SOMEIP()
    sip.iface_ver = 1
    sip.proto_ver = 1
    sip.msg_type = "NOTIFICATION"
    sip.retcode = "E_OK"
    sip.srv_id = 0x8888
    sip.method_id = 0xbbbb
    # Example payload as a bytes literal
    sip.add_payload(b'\x00\x00\x00\x22\x00\x00\x00\x1e\x20\x00\x00\x00\x00\x01\x00\x01\x01\x00\x02\x01\x00\x03\x01\x00\x04\x01\x00\x05\x01\x00\x06\x01\x20\x07\x00\x00\x00\x1f')

    p = i/u/sip
    send(p)

It would be great if you could give me any hints to solve that problem.

Thanks in advance for your help.

Best regards,
Jannis Peimann
Continental Automotive GmbH
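
The following Python is an added example, not part of the original post or of the Wireshark dissector. It walks the example payload from the post under an assumed layout: two nested structs with 32-bit length fields, followed by TLV members whose 2-byte tag carries a 3-bit wire type and a 12-bit data ID. The function names and this reading of the bytes are assumptions.

```python
import struct

# Payload bytes copied from the post above.
PAYLOAD = bytes.fromhex(
    "00000022" "0000001e" "200000000001" "000101" "000201" "000301"
    "000401" "000501" "000601" "20070000001f"
)

# Assumed TLV wire types 0-3: fixed-size base types of 1, 2, 4 and 8 bytes.
BASE_SIZES = {0: 1, 1: 2, 2: 4, 3: 8}


def read_length_prefixed(buf, offset=0):
    """Return the body behind a 32-bit big-endian length field, bounds-checked."""
    if len(buf) - offset < 4:
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    start = offset + 4
    if length > len(buf) - start:
        raise ValueError(f"length {length} exceeds remaining {len(buf) - start} bytes")
    return buf[start:start + length]


def parse_tlv_members(body):
    """Walk 2-byte tags (assumed: bits 14-12 wire type, bits 11-0 data ID)."""
    members, pos = [], 0
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated tag")
        (tag,) = struct.unpack_from(">H", body, pos)
        wire_type, data_id = (tag >> 12) & 0x7, tag & 0x0FFF
        size = BASE_SIZES.get(wire_type)
        if size is None:
            raise ValueError(f"unsupported wire type {wire_type}")
        pos += 2
        if len(body) - pos < size:
            raise ValueError(f"member {data_id} truncated")
        members.append((data_id, wire_type, int.from_bytes(body[pos:pos + size], "big")))
        pos += size
    return members


def dissect(payload):
    outer = read_length_prefixed(payload)  # assumed: outer struct (property_a)
    inner = read_length_prefixed(outer)    # assumed: nested struct
    return parse_tlv_members(inner)


if __name__ == "__main__":
    for data_id, wire_type, value in dissect(PAYLOAD):
        print(f"data_id={data_id} wire_type={wire_type} value=0x{value:x}")
```

Under this reading the payload yields eight members (data IDs 0 to 7), which matches the "Number of Parameter: 8" entry in the settings above.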