====== Introduction ======

[[https://www.wireshark.org/|Wireshark]] is a useful tool for capturing and analysing network traffic. Out of the box it supports numerous protocols including AX.25, and can be extended to decipher many more.

====== AXUDP and AXTCP ======

To handle encapsulated AX.25, Wireshark needs a small script that tells it which ports to expect the traffic on and hands that traffic to the AX.25 dissector. Either or both of these scripts can be installed in the Wireshark [[https://www.wireshark.org/docs/wsug_html/#ChPluginFolders|Personal Plugin Folder]]. The ''udp_table:add'' or ''tcp_table:add'' lines can be repeated to process traffic on additional ports.

===== ax25-udp.lua =====

<code lua>
--
-- LUA script to handle AX.25 over UDP
-- Copyright 2015 R.W. Stearn <[email protected]>
--
-- This program is free software; you can redistribute it and/or
-- modify it under the terms of the GNU General Public License
-- as published by the Free Software Foundation; either version 2
-- of the License, or (at your option) any later version.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
--
--
-- load the udp.port table
local udp_table = DissectorTable.get( "udp.port" )
-- get a handle to the AX.25 dissector
local proto_ax25 = Dissector.get( "ax25" )
-- register AX.25 to handle udp port
udp_table:add( 10093, proto_ax25 )
</code>

===== ax25-tcp.lua =====

<code lua>
-- LUA script to handle AX.25 over TCP
-- Copyright 2015 R.W. Stearn <[email protected]>
-- This program is free software; you can redistribute it and/or
-- modify it under the terms of the GNU General Public License
-- as published by the Free Software Foundation; either version 2
-- of the License, or (at your option) any later version.
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
--
-- load the tcp.port table
local tcp_table = DissectorTable.get( "tcp.port" )
-- get a handle to the AX.25 dissector
local proto_ax25 = Dissector.get( "ax25" )
-- register AX.25 to handle tcp port
tcp_table:add( 10093, proto_ax25 )
</code>

(source [[https://osqa-ask.wireshark.org/questions/41221/dissecting-ax25-included-in-udp-ip-payload-applying-existing-dissector/|https://osqa-ask.wireshark.org/questions/41221/dissecting-ax25-included-in-udp-ip-payload-applying-existing-dissector/]])
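
To confirm that the UDP script is loaded, Wireshark needs a capture with AX.25 on the registered port. The following Python script is an added example, not part of the original scripts or of Wireshark: it builds one constructed AX.25 UI frame (the callsigns TEST01 and TEST02, the addresses and the file name are placeholders), wraps it in UDP port 10093 and writes a pcap file. It assumes AXUDP carries the frame followed by its 16-bit FCS, as RFC 1226 specifies for AX.25 over IP.

```python
# Added example: write a pcap holding one constructed AXUDP packet for dissector testing.
import struct

AXUDP_PORT = 10093  # the port registered by the Lua scripts on this page

def ax25_addr(call, ssid, last, command):
    """7-byte AX.25 address: callsign chars shifted left one bit, then the SSID byte."""
    body = bytes(ord(c) << 1 for c in call.upper().ljust(6))
    return body + bytes([(0x80 if command else 0) | 0x60 | (ssid << 1) | (1 if last else 0)])

def fcs(data):
    """CRC-16/X-25, the AX.25 frame check sequence."""
    crc = 0xFFFF
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def ui_frame(dst, src, info):
    """UI command frame: destination, source, control 0x03, PID 0xF0 (no layer 3), info."""
    return ax25_addr(dst, 0, False, True) + ax25_addr(src, 0, True, False) + b"\x03\xf0" + info

def ip_checksum(hdr):
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def axudp_packet(frame, src_ip=bytes([192, 0, 2, 1]), dst_ip=bytes([192, 0, 2, 2])):
    """Ethernet/IPv4/UDP packet carrying frame + FCS (assumption: FCS sent low byte first)."""
    payload = frame + struct.pack("<H", fcs(frame))
    # UDP checksum 0 means "not computed", which is valid over IPv4
    udp = struct.pack("!HHHH", AXUDP_PORT, AXUDP_PORT, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("020000000002" "020000000001" "0800")  # constructed MACs, IPv4
    return eth + ip + udp

def write_pcap(path, packets):
    with open(path, "wb") as f:
        # classic pcap global header, link type 1 = Ethernet
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for pkt in packets:
            f.write(struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt)

if __name__ == "__main__":
    frame = ui_frame("TEST02", "TEST01", b"constructed test frame")
    write_pcap("axudp-test.pcap", [axudp_packet(frame)])
```

Open the resulting file in Wireshark: with ''ax25-udp.lua'' installed the packet is decoded as AX.25, without it the payload is shown as plain UDP data.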