[Zeek] (no subject)

Enki fyiohhai at gmail.com
Mon Jul 1 14:16:17 PDT 2019


I took a look at the DNP3 files, but I couldn't find anything that helps 
with my use case - maybe I'm just blind and I missed it. However, I did 
find this older question that fits pretty close to mine:
https://marc.info/?l=bro&m=146194027831545&w=2

I still feel like there's probably a better way to solve this issue than 
what's presented. I'll try it out though, unless anyone knows of any better 
methods.


On June 27, 2019 2:09:31 PM Hugo <hugolin615 at gmail.com> wrote:
> Hi Enki,
>
> I have not read C37.118 in detail before. But I contributed the DNP3 
> analyzer in Bro both on top of TCP and UDP, maybe you can take a look. 
> DNP3 also has some similar characteristics, like the parsing of the 
> current packets depends on the previous packet. Hope this helps.
>
> Best,
>
> Hui Lin
>
> On Thu, Jun 27, 2019 at 10:09 AM Enki <fyiohhai at gmail.com> wrote:
> I’m trying to create my first protocol analyzer with BinPac
> for the synchrophasor protocol (IEEE Std C37.118) – from what I can tell,
> nobody has made an analyzer for it yet. I'm trying to define the message format
> in synchrophasor-protocol.pac. However, stuff like the format of data 
> packets is based on a previously sent configuration packet. How do I write 
> synchrophasor-protocol.pac so I can parse them based on the previously 
> sent packet? Here’s some documentation on the protocol
> if you need it: http://smartgridcenter.tamu.edu/resume/pdf/1/SynPhasor_std.pdf
>
> Again, this is my first time trying to write a protocol
> analyzer with BinPac, so sorry if this is obvious.
>
> Thank you
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek


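The dependency raised in the question above, sketched as an added example that is not from either poster or from the Zeek code base: a per-connection table remembers the layout announced by a configuration frame (CFG-2) and uses it to slice later data frames. It is written in Python rather than BinPAC, the function names are hypothetical, the field order follows the CFG-2 and data frame layouts of IEEE C37.118, and CRC checking is left out.

```python
import struct

DATA, CFG2 = 0, 3        # frame type: bits 6-4 of the second SYNC byte

def parse_cfg2(body):
    """Return [(FORMAT, PHNMR, ANNMR, DGNMR)] per PMU from a CFG-2 body."""
    (num_pmu,) = struct.unpack_from(">H", body, 4)        # after TIME_BASE(4)
    off, pmus = 6, []
    for _ in range(num_pmu):
        # skip STN(16) + IDCODE(2), then FORMAT, PHNMR, ANNMR, DGNMR
        fmt, ph, an, dg = struct.unpack_from(">4H", body, off + 18)
        pmus.append((fmt, ph, an, dg))
        # CHNAM (16 bytes each, 16 names per digital word), units, FNOM, CFGCNT
        off += 26 + 16 * (ph + an + 16 * dg) + 4 * (ph + an + dg) + 4
    return pmus

def parse_data(body, layout):
    """Slice a data-frame body using the layout learned from CFG-2."""
    off, out = 0, []
    for fmt, ph, an, dg in layout:
        ph_sz, an_sz, fq_sz = (8 if fmt & 2 else 4), (4 if fmt & 4 else 2), (4 if fmt & 8 else 2)
        need = 2 + ph * ph_sz + 2 * fq_sz + an * an_sz + 2 * dg
        if off + need > len(body):
            raise ValueError("data frame shorter than its configuration implies")
        (stat,) = struct.unpack_from(">H", body, off)
        # float pairs, or 16-bit integers (polar magnitude is unsigned)
        per = "ff" if fmt & 2 else ("Hh" if fmt & 1 else "hh")
        phasors = struct.unpack_from(">" + per * ph, body, off + 2)
        out.append({"stat": stat, "phasors": phasors})
        off += need
    if off != len(body):
        raise ValueError("data frame longer than its configuration implies")
    return out

def feed(state, frame):
    """state: dict mapping stream IDCODE -> layout, kept per connection."""
    if len(frame) < 16 or frame[0] != 0xAA:
        raise ValueError("not a C37.118 frame")
    size, idcode = struct.unpack_from(">HH", frame, 2)
    if size != len(frame):
        raise ValueError("FRAMESIZE does not match frame length")
    ftype, body = (frame[1] >> 4) & 7, frame[14:-2]       # CHK (CRC) not verified
    if ftype == CFG2:
        state[idcode] = parse_cfg2(body)
        return ("cfg2", state[idcode])
    if ftype == DATA:
        if idcode not in state:
            return ("data_without_config", None)          # cannot be sliced yet
        return ("data", parse_data(body, state[idcode]))
    return ("other", None)
```

A data frame seen before any configuration frame is reported rather than guessed at, and a data frame whose length disagrees with the stored layout is rejected, which are the two cases a passive monitor joining mid-stream has to handle.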