Ask Your Question
0

DLT_USER for DNP3

asked 2018-04-20 02:39:55 +0000

Colin gravatar image

I have created some pcap files using DTL_USER ID=147. These files contain either serial "Modbus RTU" data or serial "DNP3" data. Note that this is just raw application data. I can open the Modbus.pcap file in Wireshark and use protocol preferences/Encapsulation table to add a User0 (DLT=147) with a payload protocol of mbrtu to decode the modbus messages. All good!

When I open the dnp3.pcap file I cant apply dnp3 as a payload protocol as it says dissector not found.

Is there a way to apply the DNP3 dissector to the raw DNP3 application data in the file without having to add a link layer (say dummy IP layer) to each message in the pcap file?

Thanks

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-04-20 03:30:10 +0000

Guy Harris gravatar image

Is there a way to apply the DNP3 dissector to the raw DNP3 application data in the file

Try using the protocol name "dnp3.udp" rather than just "dnp3".

edit flag offensive delete link more

Comments

That worked perfectly. Thanks very much for your prompt help.

Colin gravatar imageColin ( 2018-04-20 08:29:46 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-04-20 02:39:55 +0000

Seen: 688 times

Last updated: Apr 20 '18