Inter-Frame references to Enhance Info Column "hints"

Hello Devs,

Thanks for your continued efforts on this valuable tool!

Background: We're building a dissector for DeviceNet which significantly extends the stock dissector shipped with Wireshark. (If there is interest, we're happy to share our work.) This dissector performs frame reassembly of CAN frames into Group 2 DeviceNet frames as a path to allowing us to understand the "language/protocol" of a connected device. We are successfully interpreting the DeviceNet level interactions now. The "wire protocol" is being successfully and fully interpreted. (We even figured out how to add hints to reference applicable sections of the ODVA spec!)

Objective: Now that we can build DeviceNet frames which the target device is interpreting, we are hoping to add some additional commentary in the INFO column.

In order to do this, we need to "simulate" knowing some state of the target device. We would like to add "interpretation" of responses to queries to the device. Our thinking is that if we can look retrospectively into the packet stream to a frame which immediately precedes our response data to see which "command" was issued, we can take a stab at interpreting the response.

It's well understood that this is not foolproof, but for our purposes the items we put into the INFO column are really meant to be hints, not a rigorous "decode".

With that background, our question is if (programmatically) there is a way to walk through past frames to find our query? We've written the dissector in C, so are looking for how we might use the tools in that environment to achieve this.

For context, here is a snippet of a trace:

No.  Protocol   IsFrag  Frag Type  Req/Resp  Device Data     Info
1    DeviceNet  False              Request   RMS             Read current Flow State
2    DeviceNet  True    Start
3    DeviceNet  True    ACK
4    DeviceNet  True    Mid
5    DeviceNet  True    ACK
6    DeviceNet  True    last       Response  0,-0.0895222,0
7    DeviceNet  True    ACK
8    DeviceNet  False              Request   RMS             Read current Flow State
9    DeviceNet  True    Start
10   DeviceNet  True    ACK
11   DeviceNet  True    Mid
12   DeviceNet  True    ACK
13   DeviceNet  True    last       Response  0,-0.0907981,0

We would like to arrive at line 6, and be able to look back to line 1 to understand the command issued. Alternatively, we could also create some state in line 1 which could be interpreted in line 6. Again, I'll emphasize we know this is not "foolproof" but in the "no errors" case, would help us be able to quickly see what is happening.

Is there a way to add "state" that can be referenced between packets in this manner?

Much thanks for your assistance in helping us understand some of the power of Wireshark!
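
One way to carry state from the request in frame 1 to the response in frame 6, as an added example that is not part of the original post and is not Wireshark code: a self-contained C model of request/response tracking in which state is recorded on the first in-order pass and pinned to the frame, so later out-of-order re-dissection gives the same Info text. The names `struct frame`, `struct conv_state` and `dissect` are hypothetical, and the trace array is constructed from the table in the question.

```c
#include <stdio.h>
#include <string.h>
enum kind { REQUEST, FRAG_START, FRAG_MID, FRAG_LAST, FRAG_ACK };

struct frame {
    unsigned num; enum kind kind;
    const char *text;      /* request hint, or response data on FRAG_LAST */
    int visited;           /* models a per-frame "already dissected" flag */
    unsigned req_num; const char *req_hint;  /* pinned on the first pass */
};
/* State shared by the frames of one exchange (hypothetical layout). */
struct conv_state { unsigned last_req; const char *last_hint; };

/* Constructed sample mirroring frames 1-13 of the trace in the question. */
static struct frame trace[] = {
    {1, REQUEST, "Read current Flow State"}, {2, FRAG_START}, {3, FRAG_ACK},
    {4, FRAG_MID}, {5, FRAG_ACK}, {6, FRAG_LAST, "0,-0.0895222,0"}, {7, FRAG_ACK},
    {8, REQUEST, "Read current Flow State"}, {9, FRAG_START}, {10, FRAG_ACK},
    {11, FRAG_MID}, {12, FRAG_ACK}, {13, FRAG_LAST, "0,-0.0907981,0"},
};

static void dissect(struct frame *f, struct conv_state *cs, char *info, size_t n)
{
    info[0] = '\0';
    if (!f->visited) {              /* first, in-order pass only */
        if (f->kind == REQUEST) {
            cs->last_req = f->num; cs->last_hint = f->text;
        } else if (f->kind == FRAG_LAST && cs->last_req) {
            f->req_num = cs->last_req; f->req_hint = cs->last_hint;
            cs->last_req = 0;       /* one response per request */
        }
        f->visited = 1;
    }
    if (f->kind == REQUEST)         /* below: only pinned data is read */
        snprintf(info, n, "%s", f->text);
    else if (f->kind == FRAG_LAST && f->req_num)
        snprintf(info, n, "Response to #%u (%s): %s", f->req_num, f->req_hint, f->text);
    else if (f->kind == FRAG_LAST)  /* capture began mid-exchange */
        snprintf(info, n, "Response (request not seen): %s", f->text);
}

int main(void)
{
    struct conv_state cs = {0, NULL};
    char info[128];
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++) {
        dissect(&trace[i], &cs, info, sizeof info);
        printf("%2u  %s\n", trace[i].num, info);
    }
    return 0;
}
```

In a real Wireshark dissector, conversation data (`conversation_add_proto_data`) and per-packet data (`p_add_proto_data`, guarded by `pinfo->fd->visited`) play the roles of `conv_state` and the pinned per-frame fields.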

Inter-Frame references to Enhance Info Column "hints" using Conversations and Request/Response

Inter-Frame references using Conversations and Request/Response
