
Ethereal-dev: [Ethereal-dev] Re: DNP3 Dissector Additions

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Chris Bontje <chrisbontje@xxxxxxx>
Date: Mon, 20 Jun 2005 22:56:17 -0600
All,

Here are the additions to the DNP3 dissector as promised.  I would like to submit this patch for the next version of Ethereal.  These modifications should be considered preliminary, here is a brief summary of what was added:

- Added Application Layer Object Decoding.  Supports IIN bits and most of the common objects & variations (Binary Inputs, Binary Outputs, Control Relay O/P Block, Binary Counters, Analog Inputs, Class Data, Time Formats).  Support will be added for other objects/vars as captures with examples of them can be provided.

- Added support for more Application Layer function codes.  Support for remaining codes will be added in as captures can be provided.

- Added UDP/IP port 20000 as a default DNP3 port (in addition to TCP/IP port 20000), as registered with regulatory bodies.

- Started re-write to support fragments with multiple DNP3-frames and frames separated between multiple fragments (both UDP & TCP).

This dissector has been tested w/ a wide variety of DNP3 SCADA captures, if there is a capture that generates errors or invalid output, please provide it so appropriate fixes can be made! :)  The same goes for any suggestions or comments regarding the output formatting - just because I like this output doesn't mean someone else is expected to!

This diff file was created using the 'diff' util with the -u command-line switch, let me know if it is not acceptable for submission.  The testing has primarily been done on the VC6 platform, please let me know if issues are encountered w/ any *nix builds.

Thanks goes out to Graham Bloice for his invaluable assistance w/ the whole process of adding this support.

Regards,

Chris Bontje
Calgary, Alberta, Canada

----- Original Message -----
From: Chris Bontje <chrisbontje@xxxxxxx>
Date: Saturday, June 4, 2005 8:01 pm
Subject: DNP3 Dissector Additions

> All,
> 
> I have recently been tinkering w/ the DNP3 dissector included in 
> the latest public source release of Ethereal.
> 
> I've successfully added in Application Layer Decoding support for 
> several objects and am planning on adding a mostly complete 
> library.  So far I have added in some of the most common object 
> variations for Binary Inputs, Outputs, Analog Inputs (16-bit & 
> 32-bit) and Binary Counters.
> 
> I have several Ethereal captures from various SCADA networks w/ 
> DNP3 traffic and have been punishment-testing my work to the best 
> of my abilities...  so far so good!
> 
> When I'm satisfied w/ my code, I'll be certain to post my changes 
> to the source tree so that they can (hopefully) be included in the 
> official release.
> 
> Here's hoping my intermediate-level coding is clean enough to make 
> it into an excellent project like Ethereal!
> 
> Regards,
> 
> Chris Bontje
> Calgary, Alberta, Canada
> 

Attachment: packet-dnp-patch.diff
Description: Binary data