Last active
December 27, 2015 14:09
-
-
Save mqu/7337937 to your computer and use it in GitHub Desktop.
very partial Asterix decoder for Wireshark, using WSGD generic decoder. This decoder is incomplete but can display header information for each Asterix packet (category, size, fspec). TODO : implement category decoding in details.
Keywords : Asterix, WSGD, ATC, Wireshark, Eurocontrol, tcpdump, pcapdump, libpcap, pcap.
Links: http://wsgd.free.fr/, h…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # --------------------------------------------------------- | |
| # | |
| # Wireshark dissector for Asterix format, using wsgd plugin | |
| # | |
| # --------------------------------------------------------- | |
| # author : Marc Quinton / november 2013 | |
| # | |
| # see : http://wsgd.free.fr/ | |
| # | |
| struct AsterixHeader | |
| { | |
| byte_order big_endian ; # big_endian or little_endia | |
| uint8{d=hex} category ; | |
| uint16{d=hex} size ; | |
| uint16{d=hex} fspec ; | |
| hide var string asterix_msg_summary = print ("category=%0.3d (0x%0.2x) ; size=%0.4d (0x%0.4x) ; fspec=%02x", category, category, size, size, fspec); | |
| } | |
| struct AsterixRecords | |
| { | |
| # loop until 30 times | |
| loop_size_bits 30 | |
| { | |
| AsterixHeader header ; | |
| raw(*) data ; | |
| } | |
| } | |
| switch AsterixRecordSwitch category | |
| { | |
| default : | |
| AsterixRecords records ; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # --------------------------------------------------------- | |
| # | |
| # Wireshark dissector for Asterix format, using wsgd plugin | |
| # | |
| # --------------------------------------------------------- | |
| # author : Marc Quinton / november 2013 | |
| # | |
| # see : http://wsgd.free.fr/ | |
| # | |
| # ASTERIX Format - http://en.wikipedia.org/wiki/ASTERIX_(ATC_standard) | |
| # | |
| # ASTERIX (short for All Purpose Structured Eurocontrol Surveillance Information Exchange) is a standard | |
| # for the exchange of air traffic control (ATC) information. It is developed and maintained by the European ATC organization Eurocontrol. | |
| # ASTERIX not only stands for All-Purpose Structured Eurocontrol Surveillance Information Exchange but also represents | |
| # a state-of-the-art surveillance data format which is nearly being adopted by the world users community as the universal | |
| # standard in this domain today. | |
| # | |
| # links : | |
| # | |
| # - http://www.eurocontrol.int/services/asterix | |
| # Asterix very quick and dirty format description : | |
| # | |
| # AsterixMessage : Block [ Block, Block ] | |
| # | |
| # AsterixBlock : | |
| # uint8 : category | |
| # uint16 : size (of block) | |
| # Record [ Record+ ] | |
| # | |
| # AsterixRecord : | |
| # uint8 : fspec | |
| # raw(..) : data | |
| # -> fspec depend ont Block category | |
| # | |
| PROTONAME Asterix Format | |
| PROTOSHORTNAME Asterix | |
| PROTOABBREV asterix | |
| # Optional parameter. | |
| # Default value is "no". | |
| # If you are sure that your packets always contains complete messages, you can uncomment : | |
| PACKET_CONTAINS_ONLY_COMPLETE_MSG yes | |
| # Optional parameter. | |
| # Default value is "no". | |
| # If you are sure that your packets always contains only 1 message, you can uncomment : | |
| PACKET_CONTAINS_ONLY_1_MSG no | |
| # Field displayed into Info column (instead of MSG_ID_FIELD_NAME) | |
| MSG_TITLE asterix_msg_summary | |
| # Specify when the protocol is used : we receive Asterix data at LLC level ; may be someone will received with UDP Broadcast | |
| PARENT_SUBFIELD llc.dsap | |
| PARENT_SUBFIELD_RANGE 0 255 | |
| MSG_HEADER_TYPE AsterixHeader | |
| MSG_ID_FIELD_NAME category | |
| MSG_TOTAL_LENGTH size | |
| MSG_MAIN_TYPE AsterixRecordSwitch(category) | |
| PROTO_TYPE_DEFINITIONS | |
| include asterix.fdesc ; | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| To install this Asterix decoder, you need to install WSGD plugin and copy asterix.fdesc and asterix.wsgd in the plugin directory of Wireshark. This 2 files can be in the current directory where you PCAP dump is located. | |
| links : http://www.wireshark.org/docs/wsug_html_chunked/ChAppFilesConfigurationSection.html |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ tshark -c 15 -r asterix-dump.pcap | |
| 1 0.000000000 Satelcom_00:0b:06 -> fd:ff:30:ff:08:03 Asterix 73 0 > 0 [category=048 (0x30) ; size=0038 (0x0026) ; fspec=fdd7] [category=034 (0x22) ; size=0018 (0x0012) ; fspec=f608] | |
| 2 0.060134000 Satelcom_00:0b:06 -> fd:ff:30:ff:08:03 Asterix 73 0 > 0 [category=048 (0x30) ; size=0038 (0x0026) ; fspec=fdd7] [category=034 (0x22) ; size=0018 (0x0012) ; fspec=f608] | |
| 3 0.350090000 Satelcom_00:0b:06 -> fd:ff:30:ff:08:03 Asterix 178 0 > 0 [category=048 (0x30) ; size=0143 (0x008f) ; fspec=fdd7] [category=034 (0x22) ; size=0018 (0x0012) ; fspec=f608] | |
| 4 0.372618000 Satelcom_00:0b:06 -> fd:ff:30:ff:08:03 Asterix 108 0 > 0 [category=048 (0x30) ; size=0073 (0x0049) ; fspec=fdd7] [category=034 (0x22) ; size=0018 (0x0012) ; fspec=f608] | |
| 5 0.700742000 Satelcom_00:0b:06 -> fd:ff:30:ff:08:03 Asterix 213 0 > 0 [category=048 (0x30) ; size=0178 (0x00b2) ; fspec=fdd7] [category=034 (0x22) ; size=0018 (0x0012) ; fspec=f608] | |
| 6 0.723890000 Satelcom_00:0b:06 -> fd:ff:30:ff:08:03 Asterix 298 0 > 0 [category=048 (0x30) ; size=0263 (0x0107) ; fspec=fdd7] [category=034 (0x22) ; size=0018 (0x0012) ; fspec=f608] | |
| 7 0.944757000 Satelcom_00:0b:06 -> fd:ff:30:ff:08:03 Asterix 96 0 > 0 [category=048 (0x30) ; size=0061 (0x003d) ; fspec=fd16] [category=034 (0x22) ; size=0018 (0x0012) ; fspec=f608] | |
| 8 0.989836000 Satelcom_00:0b:06 -> fd:ff:30:ff:08:03 Asterix 143 0 > 0 [category=048 (0x30) ; size=0108 (0x006c) ; fspec=fdd7] [category=034 (0x22) ; size=0018 (0x0012) ; fspec=f608] | |
| 9 1.240351000 Satelcom_00:0b:06 -> fd:ff:30:ff:08:03 Asterix 73 0 > 0 [category=048 (0x30) ; size=0038 (0x0026) ; fspec=fdd7] [category=034 (0x22) ; size=0018 (0x0012) ; fspec=f608] | |
| 10 1.247223000 Satelcom_00:0b:06 -> fd:ff:30:ff:08:03 Asterix 60 0 > 0 [category=034 (0x22) ; size=0018 (0x0012) ; fspec=f608] | |
| 11 1.590880000 Satelcom_00:0b:06 -> fd:ff:30:ff:08:03 Asterix 143 0 > 0 [category=048 (0x30) ; size=0108 (0x006c) ; fspec=fdd7] [category=034 (0x22) ; size=0018 (0x0012) ; fspec=f608] | |
| 12 1.598438000 Satelcom_00:0b:06 -> fd:ff:30:ff:08:03 Asterix 73 0 > 0 [category=048 (0x30) ; size=0038 (0x0026) ; fspec=fdd7] [category=034 (0x22) ; size=0018 (0x0012) ; fspec=f608] | |
| 13 1.868180000 Satelcom_00:0b:06 -> fd:ff:30:ff:08:03 Asterix 60 0 > 0 [category=034 (0x22) ; size=0018 (0x0012) ; fspec=f608] | |
| 14 1.890915000 Satelcom_00:0b:06 -> fd:ff:30:ff:08:03 Asterix 131 0 > 0 [category=048 (0x30) ; size=0096 (0x0060) ; fspec=fd16] [category=034 (0x22) ; size=0018 (0x0012) ; fspec=f608] | |
| 15 2.273791000 Satelcom_00:0b:06 -> fd:ff:30:ff:08:03 Asterix 283 0 > 0 [category=048 (0x30) ; size=0248 (0x00f8) ; fspec=fdd7] [category=034 (0x22) ; size=0018 (0x0012) ; fspec=f608] | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
a screenshot : http://min.us/lboOvwQWP6SOcc