Introduction

Wireshark is a useful tool for capturing and analysing network traffic. Out of the box it supports numerous protocols, including AX.25, and can be extended to decode many more.

AXUDP and AXTCP

Wireshark does not know by default which UDP or TCP ports carry encapsulated AX.25, so a small Lua script is needed to tell it which ports to expect the traffic on and to hand that traffic to the built-in AX.25 dissector.

Either or both of these scripts can be installed in the Wireshark Personal Plugin Folder (its location is listed under Help > About Wireshark > Folders).

The udp_table:add or tcp_table:add lines can be repeated to process traffic on additional ports.

ax25-udp.lua

--
-- Lua script to handle AX.25 over UDP
-- Copyright 2015 R.W. Stearn <[email protected]>
--
-- This program is free software; you can redistribute it and/or
-- modify it under the terms of the GNU General Public License
-- as published by the Free Software Foundation; either version 2
-- of the License, or (at your option) any later version.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
--
--
-- load the udp.port table
-- (locals keep these names out of the global namespace shared by all Lua plugins)
local udp_table = DissectorTable.get( "udp.port" )


-- get a handle to the AX.25 dissector
local proto_ax25 = Dissector.get( "ax25" )


-- register AX.25 to handle udp port
udp_table:add( 10093, proto_ax25 )

ax25-tcp.lua

-- Lua script to handle AX.25 over TCP
-- Copyright 2015 R.W. Stearn <[email protected]>

-- This program is free software; you can redistribute it and/or
-- modify it under the terms of the GNU General Public License
-- as published by the Free Software Foundation; either version 2
-- of the License, or (at your option) any later version.

-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-- GNU General Public License for more details.

-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

--


-- load the tcp.port table
-- (locals keep these names out of the global namespace shared by all Lua plugins)
local tcp_table = DissectorTable.get( "tcp.port" )


-- get a handle to the AX.25 dissector
local proto_ax25 = Dissector.get( "ax25" )


-- register AX.25 to handle tcp port
tcp_table:add( 10093, proto_ax25 )

(source https://osqa-ask.wireshark.org/questions/41221/dissecting-ax25-included-in-udp-ip-payload-applying-existing-dissector/ )
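
To check that ax25-udp.lua is loaded and decoding, the following added example (not part of the original page or of the scripts above) writes a one-packet capture containing an AX.25 UI frame in UDP on port 10093. It assumes the RFC 1226 convention of sending the frame without flags or bit stuffing and with the 16-bit FCS appended; the callsigns, addresses and output file name are constructed sample values.

```python
import struct

AXUDP_PORT = 10093  # port registered by ax25-udp.lua above

def ax25_addr(call, ssid, last, cbit):
    """Encode one 7-byte AX.25 address: callsign shifted left one bit, then the SSID octet."""
    body = bytes(ord(c) << 1 for c in call.upper().ljust(6))
    return body + bytes([(0x80 if cbit else 0) | 0x60 | (ssid << 1) | (1 if last else 0)])

def fcs(data):
    """CRC-16/X.25, the AX.25 frame check sequence."""
    crc = 0xFFFF
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def ui_frame(dst, src, info):
    """UI frame (control 0x03, PID 0xF0 = no layer 3) followed by the FCS, low byte first."""
    frame = ax25_addr(dst, 0, False, True) + ax25_addr(src, 0, True, False) + b"\x03\xf0" + info
    return frame + struct.pack("<H", fcs(frame))

def ip_checksum(hdr):
    """Ones' complement sum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", hdr))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_ip_packet(payload, port=AXUDP_PORT):
    udp = struct.pack("!HHHH", port, port, 8 + len(payload), 0) + payload  # UDP checksum 0 = unused
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))  # TEST-NET-1 sample addresses
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + udp

def pcap_bytes(packets):
    """Classic pcap file, link type 101 (raw IP), one record per packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", i, 0, len(pkt), len(pkt)) + pkt
    return out

if __name__ == "__main__":
    frame = ui_frame("TEST", "N0CALL", b"hello")  # constructed sample callsigns
    with open("axudp-test.pcap", "wb") as f:
        f.write(pcap_bytes([udp_ip_packet(frame)]))
```

Open axudp-test.pcap in Wireshark: with the plugin installed the packet should be decoded as AX.25 rather than shown as plain UDP data.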