Editing, Adding and Modifying Messages

Editing or modifying a message can be accomplished through the Message View or Tree View sections or by writing and running a relevant Script (an active Peryton-Scripting Add-On license is required for writing Scripts). Adding or saving messages to or from message templates as well as duplicating messages or restoring their content to their original value can be done via the Message View section.

Notes:
Modifying/Editing messages is only possible when in Off-Line analysis mode – see par. IV.11.3.2.
If fields such as IP sections (UDP, ICMP, TCP) are edited, the analyzer will not recalculate the related checksum; the user may do so by manually modifying these fields.

If relevant, display of dependencies between messages (e.g. related messages, link between messages, etc.) will only get updated when reopening the .ANL file that contains the modified messages.

Only fields that include data actually captured can be edited, i.e. fields that are deduced by the analyzer can't be edited (e.g. 'Msg', 'Info' and 'Dev', including their sub-fields). In graphic mode these deduced fields are marked with a little white triangle on the top-left corner of the message, and in both graphic and table modes they include a relevant tooltip.
FCS will be automatically recalculated and updated to reflect the change made.

When altering encryption-related data fields (the encrypted payload, or encryption-related fields such as frame counter, source address, etc.), the user can choose the key to use for re-encrypting the message from the Security Keys Management list. See par. 1.1.2.
Editing encrypted sections and parameters of the following protocols and layers is supported: APS, NWL, RF4CE, GP and MAC.

Due to the complexity of some encryption scenarios, messages that include encryption within encryption (e.g. tunneling messages that include encryption and are then also encrypted in the APS and NWL layers) may not be reconstructed correctly after being edited.

De-fragmented sections (e.g. 6LoWPAN large messages that include fragmentation) can't be edited.

| Message type/Scenario | Can be edited | Will be recalculated by the analyzer | Will take effect after the .ANL file is reopened | Notes |
|---|---|---|---|---|
| Dependent fields like IP, UDP, ICMP, TCP checksum | Y | N | N | |
| Dependencies between messages (e.g. related messages, link between messages, etc.) | NA | NA | Y | |
| Message fields that are deduced by the analyzer | N | NA | NA | |
| FCS | Y | Y | NA | |
| Encrypted sections and parameters of APS, NWL, RF4CE, GP and MAC | Y | Yes. The user can choose the key to use in the encryption process | N | Some encryption scenarios – e.g. tunneling with several levels of encryption – may not be reconstructed correctly |
| De-fragmented sections (e.g. large 6LoWPAN messages that include fragmentation) | N | NA | NA | |

Table 3 – Editing messages – handling of types and scenarios
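
As an added example (not part of the Perytons documentation or product), the Python code below computes the value to enter manually in a UDP checksum field after a payload edit, since the analyzer does not recalculate it. It assumes UDP carried over IPv6, as in 6LoWPAN captures; the addresses, ports and payload are constructed sample values.

```python
import ipaddress
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071: complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp6_checksum(src: str, dst: str, segment: bytes) -> int:
    """Value for the UDP checksum field of `segment` (header + payload) over IPv6."""
    pseudo = (ipaddress.IPv6Address(src).packed
              + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", len(segment), 17))   # length, zeros, next header
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]      # checksum field counts as 0
    return internet_checksum(pseudo + zeroed) or 0xFFFF   # 0 is sent as 0xFFFF

def stored_checksum(segment: bytes) -> int:
    """Checksum currently held in bytes 6..7 of the UDP header."""
    return struct.unpack("!H", segment[6:8])[0]

def with_checksum(src: str, dst: str, segment: bytes) -> bytes:
    """Return the segment with its checksum field recomputed."""
    value = udp6_checksum(src, dst, segment)
    return segment[:6] + struct.pack("!H", value) + segment[8:]

# Constructed sample: link-local addresses, ports and payload are made up.
SRC, DST = "fe80::1", "fe80::2"
HEADER = struct.pack("!HHHH", 61616, 61617, 8 + 3, 0)     # sport, dport, length, csum
ORIGINAL = with_checksum(SRC, DST, HEADER + b"\x01\x02\x03")
EDITED = ORIGINAL[:-1] + b"\x7f"             # payload byte edited, checksum now stale

if __name__ == "__main__":
    print(f"stale checksum in edited message: 0x{stored_checksum(EDITED):04X}")
    print(f"value to enter in the field:      0x{udp6_checksum(SRC, DST, EDITED):04X}")
```

A receiver that validates checksums drops the edited message until the recomputed value is written into the field.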

48.1.1    Modifying Messages in Message and Message Tree Views

To enter the edit mode of a specific field, double-click on the lower part of the field in the Message View section when the message is in graphic mode, or double-click on the required field value in tabular mode. (Double-clicking on the upper part of fields that show the expand/collapse symbol expands or collapses the field sections accordingly.)

Figure 313 – Entering into edit mode – Message View graphic mode

Figure 314 – Entering into edit mode – Message View tabular mode

The message can also be edited by double-clicking on the selected field in Message Tree View:

Figure 315 – Entering into edit mode – Message Tree View

When in edit mode, a 'Modify message' form appears with the data and options related to the field being edited:

Figure 316 – Editing form of a specific field

    The 'Modify message' form title

Shows the original message number and the field name being edited within it.

    Field Type:

Shows the original field type (List, HEX_VALUE, ID_STRING, etc.) and its original length.

    Possible Values:

When active, this drop-down list shows all possible values based on the specifications of the active analysis protocol chosen and a brief description of their meaning.

    Value:

When active, this field shows the value of the current chosen field. This value can be edited or deleted (by pressing the delete key <Delete>). If the value exists in the possible values list, the list will show the meaning for this value, otherwise it will note ‘N/A’.

Note: The field value can be modified either by choosing from the possible values drop-down list (when available) or by entering a value in the value entry field.

Figure 317 – Manually changing a specific field

Note: The field edit mode can be hex or decimal, according to the analyzer default for this field, which can be changed via the User Preferences form (see par. IV.19.4, 'Message View Tab', 'Value Display Mode').

When editing a field that contains a list of hexadecimal data bytes, the user can alter the data and even change a specific bit within it:

Figure 318 – Editing form of hex or ASCII values

Bytes can also be easily deleted by selecting them and pressing the delete key <Delete>.

Note:
The user can edit the chosen value in hex or ASCII modes by clicking with the mouse on the relevant section or by pressing the tab and shift-tab keys.

Pressing on the "Update" button or <CR> after finishing editing the field will update the message with the requested change.
Note: Edited messages will be saved only after saving them into a new .ANL file – see par. ‎1.2.

Edited messages are marked with a special pattern of the 'Msg' field and a relevant text will be included within the 'Msg' field tooltip (when placing the mouse over it):

Figure 319 – How a modified message in Message View is shown – graphic mode

Figure 320 – How a modified message in Message View is shown – table mode

A relevant text will be included also in the Msg field tooltip for edited messages shown in Message Tree View:

Figure 321 – How a modified message in Message Tree View is shown

Similarly, such messages will be marked with the special pattern in the Time View window:

Figure 322 – How a modified message in Time View is shown

Once a field is modified, the message is rebuilt based on this new field, so some sections may be removed and others added (e.g. changing a MAC frame type from Data to Command).

Right-clicking on a selected modified message allows restoring the message to its initial value. This action can also be performed (in Message View graphic or tabular modes) on a group of pre-selected marked messages:

Figure 323 – Restoring a message to its original content

If a message's content is returned to its original value, the message will be marked back to its non-modified state (no special pattern in the 'Msg' field).

Notes:
The special pattern color of edited messages can be changed using the User Preferences tool – in the Time and Message Views tabs, as required.
Note that the special pattern changes may take effect only after re-loading the edited .ANL file into the analyzer.
After a message or messages are edited, the text '(modified)' will appear in the main window title line (this text will disappear if the messages' content is restored to its original value).

48.1.2    Modifying Encryption Keys

In case of an encrypted message, double-clicking on the lower part of the Decryption Block field opens the Security Keys List form and allows using any of the keys in the list for re-encrypting the message (see chapter ‎IV.16):

Figure 324 – Entering into edit mode of encrypted fields

Figure 325 – Keys Management form

After choosing the desired Security Key and pressing 'OK', the Perytons™ Protocol Analyzer re-encrypts the message using this new key for the relevant protocol layer.

48.1.3    Messages' Templates and Duplicating Messages

A selected message in Message View can be saved as a Message Template (extension .MTPL). This feature is useful when looking to create a data file with messages that are based on a predefined message type, profile, layers, etc.

Messages from a template can be loaded into the Message View section and manipulated like any other message in the Message View section (edit, save to template, etc.):

Figure 326 – Saving a Message as Template

An additional way to add a message is to duplicate a message already present in the Message View section. The resulting message can then be manipulated like any other message in the Message View section (edit, save to template, etc.).

Notes:

The PCStartTime sub field (in Info) holds the actual time of capture of the message (based on the PC resolution) and is not editable.

When creating a new message from template, the message StartTime sub field (in Info) will have a time stamp that equals the original StartTime plus a predefined 'Default Time Diff.:' (the default value is 5 msec). This is a parameter that can be set by the user in the User Parameters form. See par. ‎IV.19.4. While editing the different message fields, the user can also change the StartTime subfield (in Info) to set a desired new time-stamp to the message.

New messages (either from a Message Template or duplicated from another message) will be placed at the end of the capture in Time View and at the end of the messages in the Message View tab where they are added, and their timestamp will be adjusted according to the last message in the file.

48.1.4    Modifying Messages through a Script

Editing and modifying messages can be accomplished through a Script.

Note: Unlike manual editing, where the message is rebuilt after each change, a message modified through a Script is updated all at once, when 'doScript' returns.
For more details on using the Peryton-Scripting Add-On and writing Scripts, see chapter 2.

The following functions are used for editing messages using a Script:

        bool packet.UpdateValue(string name, ulong newValue)

 

or

        bool packet.UpdateValue(string name, byte[] newValue)

 

(depending on the field type, i.e. HEX LIST or VALUE).

Notes:
Dependencies between messages (e.g. related messages, link between messages, etc.) will only get updated when reopening the .ANL file that contains the modified messages.

The edited message will be rebuilt after all Scripts were executed.

The capability to edit and modify messages by Scripts is enabled for users who have both the Perytons™ Scripting and Perytons™ Traffic Generator Add-On licenses active.