Wireshark-users: Re: [Wireshark-users] IEC 60870-5-101 Dissector

From: Michael <michaelxmail@xxxxxxxxx>
Date: Fri, 15 Jul 2016 03:40:25 +0000 (UTC)
Decio Tomasulo de Vicente <dvicente@...> writes:

> 
> Hi,
> 
>  
> 
> We need to decode the IEC 101 protocol. I already found the 104
> dissector.
> 
>  
> 
> Could someone help us to find the IEC 60870-5-101
> Dissector ?
> 
>  
> 
> Thanks.
> 
> Engº
> Décio Tomasulo De VicenteOPT
> - Suporte ao Sistema de Supervisão e ControleTel: +55 11 4589
> 6608
> Cel: +55 11 9778 3617
> 
> M.O: 8 224 253
> 
> dvicente-zAM+WdsCrjdfJ/NunPodnw@xxxxxxxxxxxxxxxx
> 
> www.cteep.com.br
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@...>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@...?subject=unsubscribe

First you need to convert you IEC 101 traffic, usually text file, to pcapng
file.
You can find the covert tool here(see readme for details):
https://github.com/michaelxzhang/serial_to_pcap

Then you can use the following Wireshark plugin to help you decode the IEC101.

You need to change some settings in Wireshark to let it load the dissector.
Please see the readme file.

https://github.com/michaelxzhang/iec101_dissector