In preparation for some software development work contributing to the XLX reflector software, I wanted to disassemble the UDP stream exchanged between D-Star reflectors, and between a reflector and a connected node. My wish is to add the output of the user-configurable 20-character message to the dashboard. If that runs well, I would also replace the link to aprs.fi with an output of the GPS data transmitted by the client, if available. The current solution just links to the callsign, which is not necessarily the real current position.
My idea was to create a dissector for Wireshark. As I am not much into C I decided to give Lua a try. After some issues I got some running code. The output can be seen above. It allows for inspecting the UDP data stream from and to a reflector. The input file is a simple packet capture taken with tcpdump. Here it is a stream from an XLX reflector (port UDP/10002).
You can get the code from [1] and integrate it on-the-fly into your Wireshark. You will be able to see the raw AMBE data transmitted as well as the descrambled slow data transmitted in every stream. The descrambler just XORs the 3 bytes of slow data with 0x70 0x4f 0x93 and displays the descrambled data in hex.
For the types known [2] there is also some more information like sequence number or type.
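The XOR descrambling described above, carried one step further to rebuild the 20-character message, as an added standalone Python example (not the Lua dissector's code from [1]). It goes beyond what the post states by assuming the slow-data block layout: two consecutive 3-byte fields form one 6-byte block, a first byte of 0x40 | n (n = 0..3) marks text block n carrying 5 characters, 0x66 bytes are filler, and the input starts on a block boundary. The sample input and the callsign N0CALL are constructed.

```python
"""Descramble D-Star slow data and rebuild the 20-character text message."""

SCRAMBLER = bytes((0x70, 0x4F, 0x93))  # XOR pattern given in the post


def descramble(fragment: bytes) -> bytes:
    """XOR one 3-byte slow-data field with the pattern (also re-scrambles)."""
    if len(fragment) != 3:
        raise ValueError("slow-data field must be exactly 3 bytes")
    return bytes(b ^ k for b, k in zip(fragment, SCRAMBLER))


def text_message(fragments):
    """Return the 20-character message, or None if a text block is missing.

    Assumed layout (not from the post): two consecutive fields form a 6-byte
    block; byte 0 is 0x40 | n (n = 0..3) for text, followed by 5 characters.
    """
    plain = [descramble(f) for f in fragments]
    parts = {}
    # Step in pairs; an unpaired trailing field is ignored.
    for i in range(0, len(plain) - 1, 2):
        block = plain[i] + plain[i + 1]
        kind, index = block[0] & 0xF0, block[0] & 0x0F
        if kind == 0x40 and index < 4:
            parts[index] = block[1:]
    if len(parts) < 4:
        return None
    return b"".join(parts[n] for n in range(4)).decode("ascii", "replace")


def build_sample(message: str):
    """Constructed input: scrambled fields for one filler block plus message."""
    data = message.encode("ascii")
    blocks = [b"\x66" * 6]  # assumed filler block, skipped by text_message
    blocks += [bytes([0x40 | n]) + data[5 * n:5 * n + 5] for n in range(4)]
    return [descramble(blk[o:o + 3]) for blk in blocks for o in (0, 3)]


SAMPLE = build_sample("73 DE N0CALL TESTING")  # constructed, not captured

if __name__ == "__main__":
    for field in SAMPLE:
        print(field.hex(), "->", descramble(field).hex())
    print(repr(text_message(SAMPLE)))
```
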
References
[1] https://github.com/phl0/dstardissector
[2] http://villazeebries.krbonne.net/hamstuff/?page_id=12