
Several colleagues and I have needed an Arinc 615a dissector for Wireshark. I couldn't find an existing one, so I decided to write my own. I intend to return to this post and do a thorough write-up about the dissector and the Arinc 615a protocol. I may also write a future post about the process of developing a Wireshark dissector. In the meantime, I will link to the repository and duplicate the README details here.

Arinc 615a Wireshark Dissector
Copyright (C) 2018  Alex Rhodes

This is a dissector for the Arinc 615a data loader protocol.


This plugin requires a modification to the Wireshark code base that will be present in release versions >= 2.6.3; see the build instructions below for more details.

This project is still under development. I am tracking bugs/TODOs/Progress here. It is likely to contain bugs and require improvements. I appreciate suggestions.


1. User's Guide/Instructions (see below build instructions)
2. Thorough testing/validation/verification
3. Wireshark best-practices/formatting/code review

Protocol dissection:

.LCI Load Configuration Initialization
.LCL Load Configuration List
.LCS Load Configuration Status
.LNA Load Download Answer
.LND Load Download Disk
.LNL Load Download List
.LNO Load Download Operator
.LNR Load Download Request
.LNS Load Download Status
.LUI Load Upload Initialization
.LUS Load Upload Status
.LUR Load Upload Request

665 Protocol Files Not Implemented (nice-to-have):
.LUB Load Upload Batch: Defined by ARINC Report 665
.LUH Load Upload Header: Defined by ARINC Report 665.
.LUM Load Upload Media: Defined by ARINC Report 665.
.LUP Load Upload Part (Data File): Defined by ARINC Report 665.

Pre-built development build

I will periodically update this repository with a development build until Wireshark 2.6.3 is released, at which point I will switch to providing only a development build of the plugin DLL. For now, a modified 2.6.2 build with the plugin is available here:

Wireshark 2.6.2 with Arinc 615a Dissection: temporarily unavailable. For now you'll have to build from source.

However, I strongly prefer it be built from source.

When the plugin is "finished", I will look into submitting it to the Wireshark project.

Build Instructions


This plugin will only work with Wireshark 2.6 and 2.9 after this commit, so pull down the newest code before building. The plugin uses a function that was not exported until that change was submitted. This change will be present in the public release of Wireshark v2.6.3 or greater.

  1. Follow the Wireshark build/environment instructions to get a base build running.
  2. Add the appropriate version of this project to a directory in plugins/epan/, e.g. plugins/epan/a615a (copy the contents of the appropriate v2.6 or v2.9 directory in this repo).
  3. Rename/copy the CMakeListsCustom.txt.example in the wireshark root directory to CMakeListsCustom.txt and modify with the new plugin:

    # Fail CMake stage if any of these plugins are missing from source tree
    set(CUSTOM_PLUGIN_SRC_DIR
    #   private_plugins/foo
    # or
        plugins/epan/a615a
    )

  4. Build as normal.


I will write up thorough/accurate instructions once the plugin is closer to being finalized. For now:

  1. Disable TFTP or set the TFTP port range to 0 in Wireshark's preferences.
  2. Set the A615a port range to the required values for your network/trace.
  3. Set the A615a control port range to the control ports present in your trace. (for example: 59,55100)
  4. See the available fields/filters by typing a615a. in the filter bar. (these need improvement)
  5. Refer to the progress above for implemented files.

If your packets do not display as A615a, check your port range. If there are a lot of "incomplete file" labels, check your control ports. Anything else is probably a bug.
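
The protocol file list above as a stand-alone check (an added example, not code from the dissector): it classifies the file named in a TFTP read or write request by its extension, which helps when triaging a trace that does not dissect as expected. It assumes the protocol files are requested by name in TFTP RRQ/WRQ packets laid out as in RFC 1350 and that extensions compare case-insensitively; `a615a_classify`, the table and the sample file name are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Protocol files from the README; dissected = 0 marks the ARINC 665 ones. */
struct a615a_file { const char *ext, *name; int dissected; };
static const struct a615a_file A615A_FILES[] = {
    {"LCI", "Load Configuration Initialization", 1},
    {"LCL", "Load Configuration List", 1},
    {"LCS", "Load Configuration Status", 1},
    {"LNA", "Load Download Answer", 1},
    {"LND", "Load Download Disk", 1},
    {"LNL", "Load Download List", 1},
    {"LNO", "Load Download Operator", 1},
    {"LNR", "Load Download Request", 1},
    {"LNS", "Load Download Status", 1},
    {"LUI", "Load Upload Initialization", 1},
    {"LUS", "Load Upload Status", 1},
    {"LUR", "Load Upload Request", 1},
    {"LUB", "Load Upload Batch", 0},
    {"LUH", "Load Upload Header", 0},
    {"LUM", "Load Upload Media", 0},
    {"LUP", "Load Upload Part (Data File)", 0},
};

/* Classify the file named in a TFTP RRQ (opcode 1) or WRQ (opcode 2); assumes
 * case-insensitive extensions. NULL: other opcode, unterminated or unknown name. */
const struct a615a_file *a615a_classify(const unsigned char *pkt, size_t len)
{
    if (len < 4 || pkt[0] != 0 || (pkt[1] != 1 && pkt[1] != 2))
        return NULL;
    const char *name = (const char *)pkt + 2;
    if (memchr(name, 0, len - 2) == NULL)
        return NULL;                 /* filename runs off the end of the payload */
    const char *dot = strrchr(name, '.');
    if (dot == NULL)
        return NULL;
    for (size_t i = 0; i < sizeof A615A_FILES / sizeof A615A_FILES[0]; i++)
        if (strcasecmp(dot + 1, A615A_FILES[i].ext) == 0)
            return &A615A_FILES[i];
    return NULL;
}

int main(void)
{
    /* Constructed sample: RRQ for "TARGET1.LUI" in octet mode. */
    static const unsigned char rrq[] = "\0\1TARGET1.LUI\0octet";
    const struct a615a_file *f = a615a_classify(rrq, sizeof rrq);
    printf("%s\n", f ? f->name : "not an A615a protocol file");
}
```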
