
How can I get wireshark to support an ISO 13400 filter for DoIP for DoIP versions 3 and 4?


Wireshark is great for looking at Diagnostics over IP traffic with an easy filter. However, it only decodes if the DoIP version is equal to 2. There are no versions 3 and 4, and these don't decode.

jmille72
asked 2022-08-22 19:43:18 +0000

Comments

Can you update the question with the output of wireshark -v or Help->About Wireshark:Wireshark?

Version 3 (DoIP ISO 13400-2:2019) was added in Jan 2021 - 1662: DoIP: Adding 2019 DoIP Type

Are you looking for 13400-3 or 13400-4 when you say "versions 3 and 4" ?

Chuckc (2022-08-23 01:16:47 +0000)

Thanks! I have Wireshark Version 3.6.7 (v3.6.7-0-g4a304d7ec222). And no, I am not looking for ISO 13400-3 or ISO 13400-4. I am looking for support for the DoIP protocol (which is really captured in ISO 13400-2), but for version 4 (which is required per ISO 13400-2:2019/DAMD 1). Basically it would be ideal if the updates still decoded regardless of unknown versions. Right now, I have an implementation using protocol version 4 per amendment 1 and it doesn't decode at all.

jmille72 (2022-08-23 11:51:24 +0000)

Can you adjust the title to be ISO 13400-2:2019/DAMD 1 DoIP Version 4, since version 3 should be working? Will also show that this is related to a standard that is Status : Under development as of 220823.

Do you have a sample capture file you could share on a public file share and a link to it in the question?

The ISO documents are behind a paywall. Do you have access to the working document showing changes for the new version?

Chuckc (2022-08-23 13:38:45 +0000)

1 Answer


Wireshark 3.6 and later support DoIP up to ISO 13400-2:2019. (2019 means Version 3 in header field version). 2019 is still the newest released version.

I am looking right now at a DoIP trace with Version 3 in Wireshark 3.6.7 and it shows this:

DoIP (ISO13400) Protocol
    Header
        Version: DoIP ISO 13400-2:2019 (0x03)
        Inverse version: 0xfc
        Type: Vehicle identification request (0x0001)
        Length: 0

Version 4 does not exist yet, but it will be used by "ISO 13400-2:2019 Amd1". As this is not final (as far as I know), it would be really hard to know how to parse messages, if the format might have changed or will change.

I created an MR for Wireshark Master that allows the header version 4: https://gitlab.com/wireshark/wireshar...

LarsV
answered 2022-08-23 14:57:14 +0000

Comments

MR has been merged and is available to test from the automated builds.
(Wireshark-win64-4.1.0rc0-118-g89457e01dac8.exe or newer)

Chuckc (2022-08-27 13:12:14 +0000)
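
The header fields in the dissection above (version, inverse version, type, length) can be decoded whatever the version byte says, which is the behaviour the question asks for. The following is an added example, not Wireshark's dissector code: it assumes the 8-byte DoIP generic header layout (1-byte version, 1-byte inverse version, 2-byte payload type, 4-byte payload length, big-endian), and the function name, the partial lookup tables and the sample bytes are constructed for illustration.

```python
import struct

HEADER_LEN = 8  # version, inverse version, payload type, payload length

# Partial table. 0x03 and 0x04 are the values discussed in the thread;
# unknown values are still decoded, just without a name.
DOIP_VERSIONS = {
    0x02: "ISO 13400-2:2012",
    0x03: "ISO 13400-2:2019",
    0x04: "ISO 13400-2:2019 Amd1",
}

# Partial table of payload types (0x0001 is the one shown in the answer).
DOIP_TYPES = {
    0x0001: "Vehicle identification request",
    0x8001: "Diagnostic message",
}


def parse_doip_header(data: bytes) -> dict:
    """Decode the generic header without rejecting unknown version values."""
    if len(data) < HEADER_LEN:
        raise ValueError("need at least 8 bytes for a DoIP generic header")
    version, inverse, ptype, length = struct.unpack_from("!BBHI", data)
    return {
        "version": version,
        "version_name": DOIP_VERSIONS.get(version, "unknown"),
        # The inverse byte is the bitwise complement of the version byte, so a
        # mismatch marks a corrupt header or a non-DoIP stream on the port.
        "inverse_ok": (version ^ inverse) == 0xFF,
        "type": ptype,
        "type_name": DOIP_TYPES.get(ptype, "unknown"),
        "length": length,
        # True when the capture holds fewer payload bytes than the header claims.
        "truncated": len(data) - HEADER_LEN < length,
    }


if __name__ == "__main__":
    # Constructed sample headers: v3, v4, an unassigned version, a bad inverse.
    for hexstr in ("03fc000100000000", "04fb000100000000",
                   "05fa000100000000", "04fc000100000000"):
        print(hexstr, parse_doip_header(bytes.fromhex(hexstr)))
```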
