All,
Here are the additions to the DNP3 dissector as promised. I would like to submit this patch for the next version of Ethereal. These modifications should be considered preliminary; here is a brief summary of what was added:
- Added Application Layer Object Decoding. Supports IIN bits and most of the common objects & variations (Binary Inputs, Binary Outputs, Control Relay O/P Block, Binary Counters, Analog Inputs, Class Data, Time Formats). Support will be added for other objects/vars as captures with examples of them can be provided.
- Added support for more Application Layer function codes. Support for remaining codes will be added in as captures can be provided.
- Added UDP/IP port 20000 as a default DNP3 port (in addition to TCP/IP port 20000), as registered with regulatory bodies.
- Started re-write to support fragments with multiple DNP3-frames and frames separated between multiple fragments (both UDP & TCP).
This dissector has been tested w/ a wide variety of DNP3 SCADA captures. If there is a capture that generates errors or invalid output, please provide it so appropriate fixes can be made! :) The same goes for any suggestions or comments regarding the output formatting - just because I like this output doesn't mean someone else is expected to!
This diff file was created using the 'diff' util with the -u command-line switch; let me know if it is not acceptable for submission. The testing has primarily been done on the VC6 platform; please let me know if issues are encountered w/ any *nix builds.
Thanks go out to Graham Bloice for his invaluable assistance w/ the whole process of adding this support.
Regards,
Chris Bontje
Calgary, Alberta, Canada
----- Original Message -----
From: Chris Bontje <chrisbontje@xxxxxxx>
Date: Saturday, June 4, 2005 8:01 pm
Subject: DNP3 Dissector Additions
> All,
>
> I have recently been tinkering w/ the DNP3 dissector included in
> the latest public source release of Ethereal.
>
> I've successfully added in Application Layer Decoding support for
> several objects and am planning on adding a mostly complete
> library. So far I have added in some of the most common object
> variations for Binary Inputs, Outputs, Analog Inputs (16-bit &
> 32-bit) and Binary Counters.
>
> I have several Ethereal captures from various SCADA networks w/
> DNP3 traffic and have been punishment-testing my work to the best
> of my abilities... so far so good!
>
> When I'm satisfied w/ my code, I'll be certain to post my changes
> to the source tree so that they can (hopefully) be included in the
> official release.
>
> Here's hoping my intermediate-level coding is clean enough to make
> it into an excellent project like Ethereal!
>
> Regards,
>
> Chris Bontje
> Calgary, Alberta, Canada
>
Attachment:
packet-dnp-patch.diff
Description: Binary data