https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5696
Summary: IEC61850 Sampled Values (sv) dissector issues
Product: Wireshark
Version: 1.4.2
Platform: x86
OS/Version: Windows Vista
Status: NEW
Severity: Normal
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: kdjloca@xxxxxxxxx
Created an attachment (id=5943)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5943)
IEC61850 Sampled Values capture
Build Information:
Version 1.4.2 (SVN Rev 34959 from /trunk-1.4)
Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with GTK+ 2.16.6, with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI
0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built
Nov
18 2010), with AirPcap.
Running on 32-bit Windows Vista Service Pack 2, build 6002, with WinPcap
version
4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, GnuTLS
2.8.5, Gcrypt 1.4.5, without AirPcap, from the PortableApps U3 device in drive
C:.
Built using Microsoft Visual C++ 9.0 build 30729
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
The "sv" dissector (IEC61850 Sampled Values) has a few problems.
1) It assumes that the sampled data in the ASDUs is based on the "PhsMeas1"
dataset, defined in the "Implementation Guideline for Digital Interface to
Instrument Transformers using IEC 61850-9-2" document. But this cannot be
derived from the data captured. Our software sends a different dataset, which
is now displayed incorrectly. The actual ASN.1 description states that the
sampled data is of type "OCTET STRING". Further analysis of these octets in a
generic way is not possible due to the way the protocol works.
2) The protocol payload length is not set correctly. Our hardware also captures
the Ethernet CRC32, which is incorrectly assumed to be part of the protocol
payload (starting a new SV PDU). The dissector should use the value of its
Length field (sv.length) instead to limit dissection.
A capture file is attached which shows both issues.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.