[Bro-Dev] Hui Lin_Some question on Binpac

Hui Lin hlin33 at illinois.edu
Mon Jul 11 22:10:14 PDT 2011


I have been working on a Modbus protocol analyzer in Binpac; Modbus is an
application-level protocol used in SCADA networks.  The protocol itself is
not complex and it is not hard to express it in Binpac. However, this
protocol at the application level does not contain information that can
tell whether the packet being parsed is a "request" or a "response". For example,
in the HTTP protocol, the HTTP header will include such information. But for
this protocol, the headers for both the request and response are the same.

So if the traffic dump that I am using for testing starts with the
request, then the analyzer can properly parse it. However, if the traffic
dump starts with the response, then the analyzer will not parse the
packet properly. So I am wondering how to resolve this problem in my
protocol analyzer.



Hui Lin
Research Assistant
DEPEND Research Group, ECE Department
University of Illinois at Urbana-Champaign
hlin33 at illinois.edu
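
Added example, not part of the original post and not Bro or Binpac code: a small Python parser showing that a Modbus/TCP request and response carry the same MBAP header and function code, so the body layout has to be chosen from context outside the PDU. It assumes the server listens on the registered Modbus/TCP port 502 and takes direction from the destination port of each packet; the function names and sample bytes are constructed for illustration, and only function code 0x03 is handled.

```python
import struct

MODBUS_TCP_PORT = 502  # IANA-registered Modbus/TCP server port

# Constructed sample ADUs for Read Holding Registers (function code 0x03)
REQ = bytes.fromhex("000100000006010300000002")    # start=0, quantity=2
RESP = bytes.fromhex("000100000007010304000a000b")  # 2 registers: 10, 11


def parse_mbap(adu):
    """Split one Modbus/TCP ADU into MBAP header fields, function code, body."""
    if len(adu) < 8:
        raise ValueError("ADU shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", adu[:7])
    # Protocol id is 0 for Modbus; length counts the bytes after the length field
    if pid != 0 or length != len(adu) - 6:
        raise ValueError("not a well-formed Modbus/TCP ADU")
    return {"tid": tid, "unit": unit, "func": adu[7], "body": adu[8:]}


def is_request(dst_port):
    """Assumption: traffic sent to port 502 is a request, anything else a response."""
    return dst_port == MODBUS_TCP_PORT


def parse_read_holding(adu, dst_port):
    """Parse a 0x03 PDU, picking the body layout from the transport direction."""
    pdu = parse_mbap(adu)
    body = pdu["body"]
    if pdu["func"] != 0x03:
        raise ValueError("only function code 0x03 is handled in this example")
    if is_request(dst_port):
        if len(body) != 4:
            raise ValueError("request body must be start address + quantity")
        start, quantity = struct.unpack(">HH", body)
        return {"dir": "request", "start": start, "quantity": quantity}
    if not body or body[0] != len(body) - 1 or body[0] % 2:
        raise ValueError("response byte count does not match register data")
    regs = list(struct.unpack(">%dH" % (body[0] // 2), body[1:]))
    return {"dir": "response", "registers": regs}


if __name__ == "__main__":
    print(parse_read_holding(REQ, 502))     # towards the server
    print(parse_read_holding(RESP, 49152))  # towards the client (constructed port)
```

Because the direction is taken from each packet's destination port, a capture that begins with a response is still parsed with the response layout.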