Wireshark · Ethereal-dev: Re: RE: [Ethereal-dev] DNP3 dissector

Ethereal-dev: Re: RE: [Ethereal-dev] DNP3 dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: George Utley <gutxxx@xxxxxxxxx>

Date: Wed, 24 Aug 2005 16:29:05 +1000

Please find attached an Ethereal capture of the incorrectly parsed
read request packet and the correctly parsed response packet.

On 8/24/05, Chris Bontje <chrisbontje@xxxxxxx> wrote:
> I agree with Graham, adding the extra objects shouldn't interfere with any of the developments I have cooking up.  I myself have been thinking of submitting a patch for a few extra objects in the meantime!
> 
> As always, examples of the offending packets are welcome. :)
> 
> Chris
> 
> > > I have tested Ethereal with DNP3 traffic and believe I have
> > found a
> > > bug in the DNP3 application layer dissector. In DNP3, READ fragments
> > > do not have Information Objects. Only the headers have Information
> > > Objects, since they only specify the points to be read, not their
> > > value. The response fragment has both the headers and the
> > Information> Objects.
> > >
> > > However the DNP3 application layer dissector is treating READ
> > request> fragments as if they do have Information Objects
> > following the object
> > > headers, and is therefore parsing subsequent object headers
> > after the
> > > first object header as if they were Information Objects. Should
> > I add
> > > this to the bugs database?
> >
> > Yes please.  It would help enormously if you could also provide a
> > captureillustrating the problem, identifying the frames in question.
> >
> > >
> > > Also what are the development plans for the DNP3 application layer
> > > dissector? Is anyone working on it at the moment? Is any assistance
> > > required? I am particularly keen to add floating point and file
> > > objects.
> > >
> >
> > When time permits.
> >
> > Chris Bontje and myself seem to be the only folks working on this
> > at the
> > moment.  Chris has some refactorings in progress to sort a few
> > issues out,
> > but adding extra info objects shouldn't be too difficult.  Feel
> > free to send
> > a patch in, again captures demonstrating the new types would be
> > helpful.
> > Regards,
> >
> > Graham Bloice
> >
> > _______________________________________________
> > Ethereal-dev mailing list
> > Ethereal-dev@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-dev
> >
> 
>

Attachment: dnpflt.erf
Description: Binary data

References:
- Re: RE: [Ethereal-dev] DNP3 dissector
  - From: Chris Bontje

Prev by Date: Re: RE: [Ethereal-dev] DNP3 dissector
Next by Date: [Ethereal-dev] Re: Patch to prevent loop in flow analysis graph
Previous by thread: Re: RE: [Ethereal-dev] DNP3 dissector
Next by thread: [Ethereal-dev] Re: [Ethereal-cvs] rev 15515: /trunk/epan/dissectors/: packet-extreme.c
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$