Introduction

Wireshark is the most popular tool for analyzing network traffic in TCP/IP based networks. It runs on a lot of platforms and offers many options for filtering and displaying the captured data.

I implemented a Wireshark protocol dissector for DVB-CI (Common Interface).

This page has some infos about the dissector and sample capture data.

DVB-CI

DVB-CI defines an interface between a DVB receiver (TV set, Bluray recorder etc.) and a PC-Card module. It consists of a transport stream interface and a command interface.

On the transport stream interface, a DVB Transport Stream can be routed through the module and optionally be descrambled. The command interface transfers commands like start descrambling. It uses layered network protocols based on OSI (yes, there’s too many layers ;)

The DVB-CI dissector can process all information that is typically available from DVB-CI capturing hardware. This includes hardware events (such as transport stream routing changed, module inserted etc.) and data exchanged on the command interface.

On the command interface, the patch supports link, transport and session layer as defined in the DVB-CI specification. (Fragmentation is not included yet.)

On the application layer, the following resources are supported.

As soon as my patch is integrated in wireshark, I plan to add fragmentation, support for more DVB-CI resources (e.g. MMI) and for CI+. However, my first priority is to fix bugs that prevent merging into the wireshark repository.

Wireshark’s DVB-CI data format

DVB-CI is not sitting on top of any other protocol. Therefore, the captured data goes directly into a pcap file. I defined a pseudo-header around the tranfered bytes. The pseudo-header encodes data transfer, hardware events and other information that may be available from a capturing tool.

This pcap format for DVB-CI is defined on a separate page.

Configuration of the dissector

DVB-CI uses length fields in ASN.1 BER format in many messages. To dissect these length fields, the DVB-CI dissector uses the existing BER code. To display details of each length field, select Show internal BER encapsulation tokens from the Edit / Preferences / Protocols / BER preferences.

Sample captures

Screenshot of wireshark analyzing DVB-CI packets

This capture was taken from a capture tool without support for timestamps. If timestamps are available, they can be encoded in the pcap files and wireshark will process them.

/images/wiresharkDvbciPcap.png

Questions, comments

Please send any questions or comments to www(at)kaiser(dot)cx

back to homepage