Wireshark-bugs: [Wireshark-bugs] [Bug 8644] New: New Dissector - SEL RTAC (Real Time Automation

Date: Fri, 10 May 2013 22:11:43 +0000
Bug ID 8644
Summary New Dissector - SEL RTAC (Real Time Automation Controller) EIA-232 Serial-Line Dissection
Classification Unclassified
Product Wireshark
Version 1.9.x (Experimental)
Hardware x86
OS Windows 7
Status UNCONFIRMED
Severity Enhancement
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 10745
New RTAC Serial Dissector

Build Information:
Version 1.11.0-SELFM (SVN Rev Unknown from unknown)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with
PortAudio V19-devel (built May  9 2013), with AirPcap.

Running on 32-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
Intel(R) Core(TM) i5 CPU       M 560  @ 2.67GHz, with 3509MB of physical
memory.


Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Attached is a small new dissector for Schweitzer Engineering Labs "RTAC Serial
Data Line" traffic.  It has had 10 rounds of fuzz testing run on it with no
errors.  

I have not included a patch for epan\dissector\Makefile.common but the
dissector can slot right at around line 1000, following packet-rsync.c.  

Sample pcap files with Modbus, DNP3 and SELFM data are included.

Notes from the dissector header are:
The RTAC product family (SEL-3530, SEL-2241, SEL-3505) is a Linux-based
Automation Controller product that is capable of interfacing with SEL and
3rd-party equipment using a variety of standard industrial protocols such as
SEL FM, DNP3, Modbus, C37.118, Telegyr 8979 and others. Each protocol instance
(master/client or slave/server) is configured to utilize either Ethernet or
EIA-232/485 serial connectivity with protocol variations for each medium taken
into account.

The configuration software for the RTAC platform is named AcSELerator RTAC
(SEL-5033) and is used to set up all communications and user logic for the
controller as well as provide downloading and online debugging facilities.  One
particularly useful aspect of the online debugging capabilities is a robust
Communication Monitor tool that can show raw data streams from either serial or
Ethernet interfaces.  Many similar products have this same capability but the
RTAC software goes a step beyond by providing a "save-as" function to save all
captured data into pcap format for further analysis in Wireshark.

All Ethernet-based capture files will have packets with a "Linux Cooked
Capture" Ethernet-header including the "source" MAC address of the device
responsible for the generation of the message and the TCP/IP header(s)
maintained from the original conversation.  The application data from the
message will follow as per a standard Wireshark packet.

Serial-based pcap capture files are stored using "User 0" DLT type 147 to
specify a user-defined dissector for pcap data and contain a standard 12-byte
serial data header followed by the application payload data from actual rx/tx
activity on the line.  Some useful information can be retrieved from the
12-byte header information, such as conversation time-stamps, UART function and
EIA-232 serial control line states at the time of the message.

The dissector is intended to be called from the DLT_USER preferences
configuration with User 0 (DLT=147) set with a 'Header Size' of '12' and a
'Header Protocol' of 'rtacser'. The 'Payload Protocol' can be configured to use
whatever standardized industrial protocol is present on the line for attempted
dissection (selfm, mbrtu, dnp3.udp, synphasor).


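The capture layout described in the report (DLT 147 records carrying a 12-byte serial header followed by the application payload), as an added Python example that is not part of the original report or the attached dissector. The report does not give the header's field layout, so the 12 bytes are returned uninterpreted; the function names and the sample frame in `build_pcap` callers are constructed for illustration, and only microsecond-resolution classic pcap files are handled.

```python
import struct

DLT_USER0 = 147     # link type the report gives for RTAC serial captures
RTAC_HDR_LEN = 12   # serial header size the report gives

def build_pcap(frames, linktype=DLT_USER0):
    """Build a little-endian classic pcap in memory (constructed sample data)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for ts_sec, data in frames:
        out += struct.pack("<IIII", ts_sec, 0, len(data), len(data)) + data
    return out

def split_rtac_records(blob):
    """Yield (ts_sec, header12, payload) for each record of a DLT 147 pcap."""
    if len(blob) < 24:
        raise ValueError("truncated pcap global header")
    magic = blob[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"                       # file written little-endian
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"                       # file written big-endian
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack(end + "I", blob[20:24])[0]
    if linktype != DLT_USER0:
        raise ValueError(f"link type {linktype}, expected {DLT_USER0}")
    off = 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError("truncated record header")
        ts_sec, _frac, incl_len, _orig_len = struct.unpack(
            end + "IIII", blob[off:off + 16])
        off += 16
        data = blob[off:off + incl_len]
        if len(data) != incl_len:
            raise ValueError("truncated record data")
        off += incl_len
        if incl_len < RTAC_HDR_LEN:
            raise ValueError("record shorter than the 12-byte serial header")
        # Header is kept opaque: its field layout is not stated in the report.
        yield ts_sec, data[:RTAC_HDR_LEN], data[RTAC_HDR_LEN:]
```
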