[Zeek] (no subject)

Hugo hugolin615 at gmail.com
Thu Jun 27 13:08:55 PDT 2019


Hi Enki,

I have not read C37.118 in detail before. But I contributed the DNP3
analyzer in Bro, both on top of TCP and UDP; maybe you can take a look.
DNP3 also has some similar characteristics, like the parsing of the
current packets depends on the previous packet. Hope this helps.

Best,

Hui Lin

On Thu, Jun 27, 2019 at 10:09 AM Enki <fyiohhai at gmail.com> wrote:

> I’m trying to create my first protocol analyzer with BinPac for the
> synchrophasor protocol (IEEE Std C37.118) – from what I can tell, nobody
> has made an analyzer for it yet. I'm trying to define the message format in
> synchrophasor-protocol.pac. However, stuff like the format of data packets
> is based on a previously sent configuration packet. How do I write
> synchrophasor-protocol.pac so I can parse them based on the previously sent
> packet? Here’s some documentation on the protocol if you need it:
> http://smartgridcenter.tamu.edu/resume/pdf/1/SynPhasor_std.pdf
>
>
>
> Again, this is my first time trying to write a protocol analyzer with
> BinPac, so sorry if this is obvious.
>
>
>
> Thank you
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
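
The state-carrying idea discussed in this thread, sketched in Python rather than BinPAC as an added example (not code from either poster or from Zeek): the per-PMU counts from a configuration frame are cached per connection and used to size later data frames. The field layout is an assumed reading of the C37.118 CFG-2 and data frames and should be checked against the standard; the function names and sample frames are constructed for illustration.

```python
import struct

# Assumed C37.118 framing: SYNC(2) FRAMESIZE(2) IDCODE(2) SOC(4) FRACSEC(4),
# type-specific body, CHK(2). CHK is not verified in this sketch.
HDR = struct.Struct(">HHHII")
DATA, CFG2 = 0, 3  # frame type: bits 6-4 of the second SYNC byte

def parse_config(body):
    (num_pmu,) = struct.unpack_from(">H", body, 4)  # follows TIME_BASE(4)
    off, pmus = 6, []
    for _ in range(num_pmu):
        # FORMAT, PHNMR, ANNMR, DGNMR follow STN(16) and IDCODE(2)
        fmt, ph, an, dg = struct.unpack_from(">HHHH", body, off + 18)
        pmus.append((fmt, ph, an, dg))
        # skip fixed fields, 16-byte names (16 per digital word), unit words, FNOM, CFGCNT
        off += 26 + 16 * (ph + an + 16 * dg) + 4 * (ph + an + dg) + 4
    return pmus

def parse_data(body, cfg):
    off, out = 0, []
    for fmt, ph, an, dg in cfg:
        # FORMAT bits 1, 3, 2: float32 instead of int16 for phasors, FREQ/DFREQ, analogs
        layout = struct.Struct(">H" + ("ff" if fmt & 2 else "hh") * ph
                               + ("f" if fmt & 8 else "h") * 2
                               + ("f" if fmt & 4 else "h") * an + "H" * dg)
        vals = layout.unpack_from(body, off)
        off += layout.size
        # (STAT, [(phasor word 1, phasor word 2), ...]) for this PMU block
        out.append((vals[0], list(zip(vals[1:1 + 2 * ph:2], vals[2:2 + 2 * ph:2]))))
    if off != len(body):
        raise ValueError("data frame does not match stored configuration")
    return out

def feed(configs, frame):  # configs: per-connection dict, IDCODE -> last configuration
    sync, size, idcode, _soc, _frac = HDR.unpack_from(frame)
    if sync >> 8 != 0xAA or size != len(frame):
        raise ValueError("bad SYNC or FRAMESIZE")
    ftype, body = (sync >> 4) & 7, frame[HDR.size:-2]
    if ftype == CFG2:
        configs[idcode] = parse_config(body)
        return "config", configs[idcode]
    if ftype == DATA and idcode in configs:
        return "data", parse_data(body, configs[idcode])
    return "unparsed", None  # data before any configuration, or another frame type

# Constructed sample frames: stream 7, one PMU, two int16 rectangular phasors
def make(ftype, idcode, body):
    return HDR.pack(0xAA01 | ftype << 4, 16 + len(body), idcode, 0, 0) + body + b"\0\0"
CFG = make(CFG2, 7, struct.pack(">IH16sHHHHH32s8xHHH", 10**6, 1, b"STATION A", 7,
                                0, 2, 0, 0, b"VA".ljust(16) + b"VB", 0, 1, 30))
DAT = make(DATA, 7, struct.pack(">Hhhhhhh", 0, 14635, 0, -7318, -12676, 0, 0))
```

A data frame seen before its configuration is reported as unparsed rather than guessed at, and a length mismatch against the cached configuration raises instead of silently misaligning fields.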