Ask Your Question
0

How can I get wireshark to support an ISO 13400 filter for DoIP for DoIP versions 3 and 4?

asked 2022-08-22 19:43:18 +0000

jmille72 gravatar image

Wireshark is great for looking at Diagnostics over IP traffic with easy filter. However, it only decodes if DoIP version is equal to 2. There are no versions 3 and 4, and these don't decode.

edit retag flag offensive close merge delete

Comments

Can you update the question with the output of wireshark -v or Help->About Wireshark:Wireshark.

Version 3 (DoIP ISO 13400-2:2019) was added in Jan 2021 - 1662: DoIP: Adding 2019 DoIP Type

Are you looking for 13400-3 or 13400-4 when you say "versions 3 and 4" ?

Chuckc gravatar imageChuckc ( 2022-08-23 01:16:47 +0000 )edit

Thanks! I have wireshark Version 3.6.7 (v3.6.7-0-g4a304d7ec222) . And No, I am not looking for ISO 13400-3 or ISO 13400-4. I am looking for support for DoIP protocol (which is really captured in ISO 13400-2, but for version 4 (which is required per ISO 13400-2:2019/DAMD 1). Basically it would be ideal if the updates still decoded regardless of unknown versions. Right now, I have an implementation using protocol version 4 per amendment 1 and it doesn't decode at all.

jmille72 gravatar imagejmille72 ( 2022-08-23 11:51:24 +0000 )edit

Can you adjust the title to beISO 13400-2:2019/DAMD 1 DoIP Version 4 since version 3 should be working. Will also show that this is related to a standard that is Status : Under development as of 220823.

Do you have a sample capture file you could share on a public file share and a link to it in the question?

The ISO documents are behind a paywall. Do you have access to the working document showing changes for the new version?

Chuckc gravatar imageChuckc ( 2022-08-23 13:38:45 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-08-23 14:57:14 +0000

LarsV gravatar image

Wireshark 3.6 and later support DoIP up to ISO 13400-2:2019. (2019 means Version 3 in header field version). 2019 is still the newest released version.

I am looking right now at a DoIP trace with Version 3 in Wireshark 3.6.7 and it shows this:

DoIP (ISO13400) Protocol
    Header
        Version: DoIP ISO 13400-2:2019 (0x03)
        Inverse version: 0xfc
        Type: Vehicle identification request (0x0001)
        Length: 0

Version 4 does not exist yet, but it will be used by "ISO 13400-2:2019 Amd1". As this is not final (as far as I know), it would be really hard to know how to parse messages, if the format might have changed or will change.

I created a MR for Wireshark Master that allow the header version 4: https://gitlab.com/wireshark/wireshar...

edit flag offensive delete link more

Comments

MR has been merged and is available to test from the automated builds.
(Wireshark-win64-4.1.0rc0-118-g89457e01dac8.exe or newer)

Chuckc gravatar imageChuckc ( 2022-08-27 13:12:14 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2022-08-22 19:43:18 +0000

Seen: 1,238 times

Last updated: Aug 23 '22

Related questions

Use UDS dissector inside DoIP dissector

Is there a possibility to monitor the UDS messages sent over the CAN bus?