There used to be an option to enable heuristic detection for dnp3 packets. It seems to be missing as of 3.4.9. Has it been removed?

asked 2021-11-02

DNP option to disable port mapping and enable heuristic detection (0x0564 in first two bytes of payload), seems to be missing. Has it been removed?

answered 2021-11-02

The preferences were removed over 6 years ago, see change 9610.

As per that change, heuristic dissectors are now enabled via the Analyze -> Enabled Protocols dialog, search for DNP3 and then use the checkboxes for dnp3_tcp or dnp3_udp as required.

Arguably the description could indicate this is for heuristic dissection.

Is there a way to do this programmatically, from a plugin, or from a startup config file?

The setting is preserved in the profile in the file heuristic_protos, e.g. with both DNP3 options checked among the entries in the file are


or from the command line with --enable-heuristic <short_name> e.g. dnp3_tcp.

Asked: 2021-11-02

Seen: 375 times

Last updated: Nov 02 '21