CDP Wireshark Dissector User Manual by jtl17221


Product:          CDP Wireshark Dissector
Product version:  V1.0
Document ID:      UM-CDP Wireshark
Doc revision:     PA1
Written/Appr.:    lv / SL


Industrial Control Design AS




CDP Wireshark Dissector V1.0
Users Manual




The content of this document is confidential information not to be
published without the consent of Industrial Control Design AS.

Industrial Control Design AS, www.icd.no, support@icd.no, forum.icd.no

Industrial Control Design AS
CDP Wireshark Dissector V1.0 Users Manual, rev. PA1




Contents
1. INTRODUCTION
1.1. About
1.2. Terms and Definitions

2. INSTALLATION
2.1. Installing Wireshark
2.2. Installing CDP Wireshark Dissector

3. FUNCTIONAL DESCRIPTION
3.1. Run Wireshark
3.2. Analyze CDP messages
3.3. Filtering
3.3.1. Capture filter
3.3.2. Display filter
3.4. Decoding As...

4. APPENDIX
4.1. List of CDP messages
4.1.1. CM_APPLICATIONNOTIFY
4.1.2. CM_APPLICATIONDISASTER
4.1.3. CM_APPLICATIONNOTIFY_RD
4.1.4. CM_MESSENGERIO_RAW
4.1.5. CM_MESSENGERIO_RAW_RD
4.1.6. CM_MESSENGERIO_RAW_SYNCRD
4.1.7. CM_MESSENGERIO_REQUESTSIGNAL
4.1.8. CM_MESSENGERIO_DESCRIPTION
4.1.9. CM_REQUESTHANDLE
4.1.10. CM_REQUESTSIGNALHANDLE
4.1.11. CM_NOTIFY
4.1.12. CM_REQUESTSTATUS
4.1.13. CM_STATUS
4.1.14. CM_STATUSUPDATE
4.1.15. CM_MESSENGERIO_RDUPDATE
4.1.16. CM_MESSENGERIO_RDCONFIRM
4.1.17. CM_MESSAGERECEIPT
4.1.18. CM_QUERYSIGNALS
4.1.19. CM_SIGNALINFO
4.1.20. CM_SIGNALUPDATEINFO
4.1.21. CM_QUERYTOPLEVELCOMPONENTS
4.1.22. CM_TOPLEVELCOMPONENTS
4.1.23. CM_QUERYALARMS
4.1.24. CM_ALARMINFO
4.1.25. CM_ALARMUPDATEINFO
4.1.26. CM_QUERYMESSAGEINTERFACE
4.1.27. CM_MESSAGEINTERFACEINFO
4.1.28. CM_QUERYSTATES
4.1.29. CM_STATEINFO
4.1.30. CM_QUERYSUBCOMPONENTS
4.1.31. CM_SUBCOMPONENTSINFO
4.1.32. CM_QUERYOBJECTLIST
4.1.33. CM_QUERYSTATETRANSITIONS
4.1.34. CM_STATETRANSITIONSINFO
4.1.35. CM_CLOCKSYNC
4.1.36. CM_EVENT_SUBSCRIPTION_REQUEST
4.1.37. CM_EVENT_SUBSCRIPTION_CONFIRM
4.1.38. CM_EVENT_UPDATE
1. Introduction
1.1. About
This document describes the CDP Dissector plugin for Wireshark, the network protocol capture and analyzer
that captures and dissects (analyzes) the network packets that can be "seen" on a specified network
connection of the machine running Wireshark.

Wireshark is able to analyze a large number of protocols, from the lowest network transport protocols up
to customer-defined protocols. To dissect and analyze a proprietary protocol, dedicated code is needed.
This code is implemented in a plugin, a dedicated DLL, which must be placed in a specific subfolder of the
Wireshark installation.

The CDP system runs its own protocol layered on top of UDP. Among the other Wireshark protocols, the CDP
protocol is identified by the protocol tag "CDP.2040" as its protocol name, and is associated with UDP
port 2040.




1.2. Terms and Definitions
CDP
Control Design Platform.

Plugin
A DLL written according to the Wireshark specification, which is "plugged in" to Wireshark.

Dissector
Code that analyzes (dissects) network packets according to a protocol specification.

Protocol tag
A text string that identifies a protocol among other protocols.

CDP commands
Text strings beginning with "CM_" that identify the types of CDP messages sent across the network.

Interface
An active network adapter on which network traffic is captured.
2. Installation
The CDP Wireshark Dissector can be delivered both as source code and as a separate DLL library that is
plugged in to the Wireshark package.

Prerequisites:
         A valid CDP license
         Familiarity with CDP
         Familiarity with Wireshark




2.1. Installing Wireshark
Go to the URL http://www.wireshark.org/download.html, download and install the latest release of the
Wireshark product (currently version 1.0.4).




2.2. Installing CDP Wireshark Dissector
Copy the file CDP0.DLL supplied by ICD, into the plugins folder of the Wireshark installation path. Usually,
after a default installation, this will be “c:\Program Files\Wireshark\plugins\1.0.4”.
3. Functional description
3.1. Run Wireshark
Start Wireshark. From the main menu, select "Capture – Interfaces". Select the interface (adapter) that you want
Wireshark to analyze.




Before you start, you can set some options:




Here you can for example set a capture filter (see “Filtering”), and specify a capture file.
Click Start, and the capturing begins. You can see the captured frames, one row per frame, in the upper panel of
the window:




If CDP traffic is present on the network, you can distinguish the frames (rows) identified by the tag (text)
“CDP.2040” in the “Protocol” column.

Each row is identified by several attributes / columns:

         frame number
         time stamp
         source IP
         destination IP
         protocol (highest layer)
         info




3.2. Analyze CDP messages
You will notice that, in the "Info" column, the CDP messages carry text identifying the Command parameter
of the message. These strings begin with "CM_", as defined in the CDP specification. Wherever applicable,
the command text is followed by the name of the application that sent the packet.

The lower pane is the details pane. Here the full description of the selected frame is shown as a tree view.
When you select one CDP frame (row) in the upper pane, the lower pane presents 5 trees, one for each
network layer of the frame:

         Frame (raw byte data)
         Ethernet (source, destination)
         Internet Protocol IP
         User Datagram Protocol UDP
         CDP.2040 Protocol.
Expanding the CDP protocol tree, you will see 3 subtrees:
         Message Transport Header
         Message Header
         Message Data




These trees present the full content of a CDP message, according to the CDP specification, in terms that
are convenient for the designer / user / tester of CDP applications: application names, signal names, signal
values, etc.




3.3. Filtering
One very powerful feature of Wireshark is that it offers the user the possibility to filter the network packets.
There are 2 types of filters:

         capture filter
         display filter.

The capture filter selects which packets Wireshark captures from the wire, while the display filter selects
which of the captured packets are shown on the display. The format of the two types of filters is somewhat
similar.

3.3.1. Capture filter
From the main menu, click on "Capture – Capture filters", and a pop-up window will show you a list of
existing capture filters. You can select one from the list or define one. See the "Wireshark User's Guide" for
more information.

Here is an example of a capture filter, specifying that the Wireshark shall capture CDP frames only:
3.3.2. Display filter
The easiest way to apply a display filter is to use the "Filter" text box above the upper pane. Here is an example
of a display filter, where only CDP messages of type "CM_REQUESTSIGNAL" (0x0004000b) will be shown on
the display:




You can define, save and use a wide number of filter expressions (C-style expressions), using the
protocol name (CDP.2040) and the internal variables of our dissector, which are the field names in the
message structures. A list of these variables can be obtained by clicking on the "Expression" button and
selecting the CDP.2040 protocol, as shown in this figure:
The most important internal variable is mes.command, which contains the type of the actual CDP message,
and is used intensively in display filters.
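As an added example (not part of this manual or of ICD's dissector), the following Python builds the capture filter of 3.3.1 and the mes.command display filters of 3.3.2 from the message Ids listed in the appendix, and checks that table for Ids shared by more than one message type, since a display filter on such an Id cannot tell the two types apart. It assumes the field is referenced exactly as this manual names it (mes.command) with Wireshark's C-style comparison operators, and that the capture filter uses standard pcap syntax; the table is a constructed subset of section 4.1.

```python
"""Filter-string helpers for the CDP.2040 dissector (added example).

Assumptions: display filter fields are written as the manual names
them (mes.command); capture filters use pcap syntax (udp port N).
"""

# Subset of the appendix table (section 4.1): command name -> Id.
CDP_COMMANDS = {
    "CM_APPLICATIONNOTIFY": 0x00030001,
    "CM_MESSENGERIO_RAW": 0x00040007,
    "CM_MESSENGERIO_RAW_RD": 0x00040008,
    "CM_MESSENGERIO_REQUESTSIGNAL": 0x0004000B,
    "CM_MESSENGERIO_DESCRIPTION": 0x0004000A,
    "CM_REQUESTHANDLE": 0x00020006,
    "CM_REQUESTSTATUS": 0x00020007,
    "CM_STATUS": 0x00020008,
    "CM_STATUSUPDATE": 0x00020108,
    "CM_QUERYSIGNALS": 0x00020008,
    "CM_SIGNALINFO": 0x00020019,
    "CM_CLOCKSYNC": 0x0001000D,
}


def capture_filter(ports=(2040,)):
    """pcap capture filter that keeps only UDP traffic on the given CDP
    ports (2040 by default; add 2041, 2042, ... for other CDP ports)."""
    return " or ".join(f"udp port {p}" for p in sorted(set(ports)))


def display_filter(*names):
    """Display filter selecting the named CDP message types by Id.
    Unknown names raise ValueError rather than silently matching nothing."""
    unknown = [n for n in names if n not in CDP_COMMANDS]
    if unknown:
        raise ValueError(f"not in the appendix table: {unknown}")
    ids = sorted({CDP_COMMANDS[n] for n in names})
    terms = [f"mes.command == 0x{cid:08x}" for cid in ids]
    return terms[0] if len(terms) == 1 else "(" + " || ".join(terms) + ")"


def ambiguous_ids(table=CDP_COMMANDS):
    """Ids that appear under more than one command name.  A display
    filter on such an Id matches every type that shares it."""
    by_id = {}
    for name, cid in table.items():
        by_id.setdefault(cid, []).append(name)
    return {cid: names for cid, names in by_id.items() if len(names) > 1}


if __name__ == "__main__":
    print(capture_filter((2040, 2041, 2042)))
    print(display_filter("CM_MESSENGERIO_REQUESTSIGNAL"))
    for cid, names in ambiguous_ids().items():
        print(f"0x{cid:08x} is shared by {names}")
```

Running it reports that 0x00020008 is listed for both CM_STATUS and CM_QUERYSIGNALS in the appendix, so a filter on that Id alone shows both message types.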




3.4. Decoding As...
Another powerful feature of Wireshark is the possibility to change the way a specific packet type is
decoded. For our purposes this is indeed a powerful feature, because our plugin deals only with CDP messages
on port 2040. For CDP messages sent to other CDP ports (2041, 2042, etc.) you must use this feature.
To do this, select in the upper pane a row identified with a certain CDP port (let's say UDP port 2041),
right-click on that row, and use the pop-up dialog to specify that this frame, and all frames on that port,
shall subsequently be decoded, in our case, as CDP.2040.
4. Appendix
4.1. List of CDP messages
In the present release, the CDP messages decoded by the CDP dissector are:


4.1.1. CM_APPLICATIONNOTIFY
Id:              0x00030001
Field vars:      mes.name


4.1.2. CM_APPLICATIONDISASTER
Id:              0x00030002
Field vars:


4.1.3. CM_APPLICATIONNOTIFY_RD
Id:              0x00030009
Field vars:      mes.name


4.1.4. CM_MESSENGERIO_RAW
Id:              0x00040007
Field vars:      mes.nrofsignals, mes.signalvalue


4.1.5. CM_MESSENGERIO_RAW_RD
Id:              0x00040008
Field vars:      mes.nrofsignals, mes.signalvalue


4.1.6. CM_MESSENGERIO_RAW_SYNCRD
Id:              0x00040009
Field vars:      mes.nrofsignals, mes.signalvalue


4.1.7. CM_MESSENGERIO_REQUESTSIGNAL
Id:              0x0004000B
Field vars:      mes.signalname


4.1.8. CM_MESSENGERIO_DESCRIPTION
Id:              0x0004000A
Field vars:      mes.signalname
4.1.9. CM_REQUESTHANDLE
Id:           0x00020006
Field vars:   mes.name


4.1.10. CM_REQUESTSIGNALHANDLE
Id:           0x00020106
Field vars:   mes.name


4.1.11. CM_NOTIFY
Id:           0x00020004
Field vars:   mes.name


4.1.12. CM_REQUESTSTATUS
Id:           0x00020007
Field vars:


4.1.13. CM_STATUS
Id:           0x00020008
Field vars:   mes.name


4.1.14. CM_STATUSUPDATE
Id:           0x00020108
Field vars:   mes.handle


4.1.15. CM_MESSENGERIO_RDUPDATE
Id:           0x0004000C
Field vars:   mes.signalname


4.1.16. CM_MESSENGERIO_RDCONFIRM
Id:           0x0004000D
Field vars:


4.1.17. CM_MESSAGERECEIPT
Id:           0x00030007
Field vars:


4.1.18. CM_QUERYSIGNALS
Id:           0x00020008
Field vars:
4.1.19. CM_SIGNALINFO
Id:           0x00020019
Field vars:   mes.signalname


4.1.20. CM_SIGNALUPDATEINFO
Id:           0x00020119
Field vars:


4.1.21. CM_QUERYTOPLEVELCOMPONENTS
Id:           0x0002001C
Field vars:


4.1.22. CM_TOPLEVELCOMPONENTS
Id:           0x0002001D
Field vars:   mes.name


4.1.23. CM_QUERYALARMS
Id:           0x00020016
Field vars:


4.1.24. CM_ALARMINFO
Id:           0x00020017
Field vars:   mes.name


4.1.25. CM_ALARMUPDATEINFO
Id:           0x00020117
Field vars:


4.1.26. CM_QUERYMESSAGEINTERFACE
Id:           0x0002000A
Field vars:


4.1.27. CM_MESSAGEINTERFACEINFO
Id:           0x0002000B
Field vars:


4.1.28. CM_QUERYSTATES
Id:           0x0002000C
Field vars:
4.1.29. CM_STATEINFO
Id:           0x0002000D
Field vars:   mes.name


4.1.30. CM_QUERYSUBCOMPONENTS
Id:           0x00020012
Field vars:


4.1.31. CM_SUBCOMPONENTSINFO
Id:           0x00020013
Field vars:   mes.name


4.1.32. CM_QUERYOBJECTLIST
Id:           0x0001001C
Field vars:


4.1.33. CM_QUERYSTATETRANSITIONS
Id:           0x0002000E
Field vars:   mes.name


4.1.34. CM_STATETRANSITIONSINFO
Id:           0x0002000F
Field vars:   mes.fromstate, mes.tostate


4.1.35. CM_CLOCKSYNC
Id:           0x0001000D
Field vars:


4.1.36. CM_EVENT_SUBSCRIPTION_REQUEST
Id:           0x00021110
Field vars:


4.1.37. CM_EVENT_SUBSCRIPTION_CONFIRM
Id:           0x00021111
Field vars:

4.1.38. CM_EVENT_UPDATE
Id:           0x00021112
Field vars:

								
To top