[Zeek] (no subject)
Enki
fyiohhai at gmail.com
Mon Jul 1 14:16:17 PDT 2019
I took a look at the dp3 files, but I couldn't find anything that helps
with my use case - - maybe I'm just blind and I missed it. However, I did
find this older question that fits pretty close to mine:
https://marc.info/?l=bro&m=146194027831545&w=2
I still feel like there's probably a better way to solve this issue than
what's presented. I'll try it out though, unless anyone knows of any better
methods.
On June 27, 2019 2:09:31 PM Hugo <hugolin615 at gmail.com> wrote:
> Hi Enki,
>
> I have not read C37.118 in details before. But I contributed the DNP3
> analyzer in Bro both on top of TCP and UPD, may be you can take a look.
> DNP3 also have some similar characteristics, like the parsing of the
> current packets depends on the previous packet. Hope this helps.
>
> Best,
>
> Hui Lin
>
> On Thu, Jun 27, 2019 at 10:09 AM Enki <fyiohhai at gmail.com> wrote:
> I’m trying to create my first protocol analyzer with BinPac
> for the synchrophasor protocol (IEEE Std C37.118) – from what I can tell,
> nobody has made an analyzer for it yet. I'm trying to define the message format
> in synchrophasor-protocol.pac. However, stuff like the format of data
> packets are based on a previously sent configuration packet. How do I write
> synchrophasor-protocol.pac so I can parse them based on the previously
> sent packet? Here’s some documentation on the protocol
> if you need it: http://smartgridcenter.tamu.edu/resume/pdf/1/SynPhasor_std.pdf
>
> Again, this is my first time trying to write a protocol
> analyzer with BinPac, so sorry if this is obvious.
>
> Thank you
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
Sent with AquaMail for Android
https://www.mobisystems.com/aqua-mail
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190701/79b54a14/attachment.html
More information about the Zeek
mailing list