<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Hi Enki,</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">I have not read C37.118 in details before. But I contributed the DNP3 analyzer in Bro both on top of TCP and UPD, may be you can take a look. DNP3 also have some similar characteristics, like the parsing of the current packets depends on the previous packet. Hope this helps.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Best,</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Hui Lin</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jun 27, 2019 at 10:09 AM Enki <<a href="mailto:fyiohhai@gmail.com">fyiohhai@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">I’m trying to create my first protocol analyzer with BinPac
for the synchrophasor protocol (IEEE Std C37.118) – from what I can tell,
nobody has made an analyzer for it yet. I'm trying to define the message format
in synchrophasor-protocol.pac. However, stuff like the format of data packets are based on a previously sent configuration packet. How do I write
synchrophasor-protocol.pac so I can parse them based on the previously sent packet? Here’s some documentation on the protocol
if you need it: <a href="http://smartgridcenter.tamu.edu/resume/pdf/1/SynPhasor_std.pdf" style="color:rgb(5,99,193);text-decoration:underline" target="_blank">http://smartgridcenter.tamu.edu/resume/pdf/1/SynPhasor_std.pdf</a><span></span></p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span> </span></p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Again, this is my first time trying to write a protocol
analyzer with BinPac, so sorry if this is obvious.<span></span></p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span> </span></p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Thank you<span></span></p>
</div>
_______________________________________________<br>
Zeek mailing list<br>
<a href="mailto:zeek@zeek.org" target="_blank">zeek@zeek.org</a><br>
<a href="http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek" rel="noreferrer" target="_blank">http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek</a></blockquote></div>