This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Monitoring MMS and GOOSE IEC61850

0

Hello,

What possibilities does wireshark have to offer when monitoring 61850 traffic?

With Wireshark, can you see the:

  • numerical content of a measured value in a MMS message?
  • the GOOSE messages
  • The content of messages containing boolean variables?

I was able to see some messages with the datamodel desctription. But when I was looking for the numerical value in MMS messages I only found the bits and bytes, numbers, ones and zeros...

Does anyone have experience with this usecase of wireshark?

Thank you,

asked 20 Sep '10, 23:24

DBIN's gravatar image

DBIN
1111
accept rate: 0%

Generally speaking, if Wireshark supports a protocol for dissecting it will be on Wireshark's website. For IEC 61850, for example:

https://wiki.wireshark.org/Protocols/IEC61850GOOSEGSE

That describes to what extent it is supported.

(03 May '17, 22:34) Quadratic

2 Answers:

0

Hi, you can do something like this: link text

Mirek

answered 23 Sep '14, 05:43

sobmir's gravatar image

sobmir
11112
accept rate: 0%

0

There is a Wireshark fork available with deeper IEC 61850, ICCP TASE/2, and C37.118 Synchrophasor parsing maintained by Herb Falk.

answered 17 Jun '16, 09:32

Colossus's gravatar image

Colossus
62
accept rate: 0%

edited 22 Jun '16, 11:48

The Wireshark-Fork tool for IEC61850 is no more available at sisconet.

Any idea if this tool is available freely somewhere else?

(03 May '17, 02:40) gewuerz

@gewuerz: Sisconet is back online--it looks like they had an issue with their SiteLock config. I've confirmed that I can download the win32 installer again.

(09 May '17, 09:25) Colossus