Some updates; xPLLib and WireShark xPL dissector

Today I posted some long overdue updates. Quite some time ago it was agreed to loosen up the xPL protocol with regard to the values in the xPL message body.

From pure ASCII it now allows UTF8 encoding for the values (keys remain ASCII only). At the same time the length restriction of 128 characters was lifted, which basically means that the value can be as long as the overall message size supports (which is set at 1500 bytes).

So todays updates are the xPLLib for .NET, version 5.3, updated to allow these changes and the WireShark dissector, version 1.1, which will now show a warning (for backward compatibility) in cases of UTF8 and long values.

There are some other minor updates too, check the changelog for those.

Continue reading

WireShark xPL dissector; a network protocol analyzer

I’ve recently turned to WireShark to do some network analysis but found tracking the bits and bytes of xPL not too easy, though still not difficult. But when I read that WireShark can be extended using Lua, I started fiddling around with that to see how I could get xPL support in WireShark. And this post is about the results…

The ‘dissector’ I wrote (download is below) will examine xPL packets, and dissect them into the underlying components. This allows you to use WireSharks filtering capabilities to find just the xPL messages you need. Beyond that it will analyze the structure of the messages received and validate that against the xPL protocol, flagging any malformed messages. Continue reading