Whilst working on Project Iris, I have found Sebastian Reichel’s Wireshark dissector plug-in invaluable for identifying the content of ISI packets generated by my handset.
However, it relies upon the ability to use the Linux PhoNet stack – which isn’t always possible.
For example, the stack may not be available at all under the running Linux kernel version; or the USB device generating ISI traffic may be connected to a virtual machine running a Windows-based application – which is obviously invisible to the host’s network stack.
With that in mind, I’ve decided to release a modified version of the aforementioned plug-in on BitBucket (in source code form only, at present), and I’ve uploaded a sample trace file to test it against, here.
Rough instructions for building it against an SVN release version of Wireshark under Fedora are provided in the repository; as are a copy of my colouring rules for working with USB and ISI traffic.
At present, the dissector has the following features:
- Basic support for dissection of ISI/PhoNet packets encapsulated in USB framing (AKA “CDC PhoNet”) – for USB `CDC_DATA` class packets
- Basic support for dissecting ISI GPS and SIM Authentication packets (inherited from the original version of the dissector)
- Basic support for identifying specific types of `CDC_DATA` packets (works for ISI, PPP and AT/Hayes commands)
However, there are also a number of limitations and bugs – especially when compared to the original version:
- ISI packets encapsulated in Linux Cooked framing are currently unsupported
- Due to lack of heuristics, this dissector will override the PPP dissector (and the ISO/IEC 13818-1 dissector) when working with USB trace files
- The length indicator may not always be accurate – although a lot of effort was spent on attempting to make it work
When working with this dissector, I recommend either using the `isi.usbtype == 0x1b` display filter, or individually filtering out various other types of USB packets, in order to avoid confusion.
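The missing heuristics noted in the limitations above could take roughly the following shape. This is an added example, not code from the plug-in or from Wireshark: `classify_cdc_data` is a hypothetical helper, the header layout (media byte 0x1b, then a 16-bit big-endian length at offset 4 that counts the bytes following it) is assumed from the Linux PhoNet headers, one message per USB transfer is assumed, and the sample payloads are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values: media byte as in the isi.usbtype filter, HDLC flag from RFC 1662. */
#define PN_MEDIA_USB 0x1b
#define HDLC_FLAG    0x7e
#define PN_HDR_LEN   6   /* media, rdev, sdev, resource, 16-bit length */

enum cdc_kind { CDC_UNKNOWN, CDC_ISI, CDC_PPP, CDC_AT };

/* Classify one CDC_DATA payload (hypothetical helper, not from the plug-in). */
enum cdc_kind classify_cdc_data(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 2)
        return CDC_UNKNOWN;
    /* ISI: the media byte alone is weak evidence, so also require the length
     * field to account for the rest of the buffer (robj, sobj, message). */
    if (buf[0] == PN_MEDIA_USB && len >= PN_HDR_LEN + 2) {
        size_t pn_len = ((size_t)buf[4] << 8) | buf[5];
        if (pn_len >= 2 && pn_len == len - PN_HDR_LEN)
            return CDC_ISI;
    }
    if (buf[0] == HDLC_FLAG)          /* PPP in HDLC-like framing */
        return CDC_PPP;
    /* AT command: "AT" prefix in either case, then printable text or CR/LF. */
    if (toupper(buf[0]) == 'A' && toupper(buf[1]) == 'T') {
        for (size_t i = 2; i < len; i++)
            if (!isprint(buf[i]) && buf[i] != '\r' && buf[i] != '\n')
                return CDC_UNKNOWN;
        return CDC_AT;
    }
    return CDC_UNKNOWN;
}

/* Constructed sample payloads (not taken from the published trace file). */
static const uint8_t sample_isi[] = { 0x1b, 0x00, 0x10, 0x54, 0x00, 0x04, 0x00, 0x01, 0x02, 0x03 };
static const uint8_t sample_bad[] = { 0x1b, 0x00, 0x10, 0x54, 0x00, 0x20, 0x00, 0x01 };
static const uint8_t sample_ppp[] = { 0x7e, 0xff, 0x03, 0xc0, 0x21, 0x7e };
static const uint8_t sample_at[]  = { 'A', 'T', '+', 'C', 'G', 'M', 'I', '\r' };

int main(void)
{
    printf("isi=%d bad=%d\n", classify_cdc_data(sample_isi, sizeof sample_isi),
           classify_cdc_data(sample_bad, sizeof sample_bad));
    printf("ppp=%d at=%d\n", classify_cdc_data(sample_ppp, sizeof sample_ppp),
           classify_cdc_data(sample_at, sizeof sample_at));
    return 0;
}
```

A payload that returns `CDC_UNKNOWN` or `CDC_PPP` here is one a heuristic dissector would decline, leaving it for the PPP or other dissectors instead of overriding them.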
For curious folks, a screenshot of the dissector in action is provided:
I hope that others find this useful for something.
That aside, I’d like to thank the following:
- Chris Maynard for his USB patches (especially the CDC Ethernet one), which were useful for figuring out how to integrate with the USB dissector
- Sebastian for providing the initial version of the dissector
- William Roberts for providing the Nokia N73 that’s serving me well as my primary handset (and its USB cable, of course), and for persisting with me whilst I grappled with various stupid mistakes while learning C and C++
I wish readers a happy Christmas, and all of the best for 2011! 🙂