This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

When I'm examining DNP 3 packets I noticed that you parsed some packets where, in the bytes pane window, there was "Reassamble DNP AL Message".

How can I know how to parse it? (Did you only use the specification?)

Thanks,

asked 05 Mar '14, 00:24

eligator28


As a DNP3 datalink layer message body can only be 250 octets long, and as that body only carries 222 octets of payload (2 octet CRC for every 16 octets of data), and as the Transport layer header consumes 1 octet in every data link layer, and as an Application Layer message may be fragmented into multiple parts to ease memory requirements, the dissector extracts all the relevant portions of data from multiple data link messages and reassembles them into the complete application layer message.

The dissector was written with access to the protocol specification and has been tested with numerous actual master and slave devices. You can browse the source code of the dissector here, but note that it uses the Wireshark packet reassembly routines to do the bulk of the work.

answered 05 Mar '14, 03:22

grahamb ♦
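
The framing described in the answer above, as an added Python example (not part of the original post and not Wireshark's dissector code): it validates and strips the per-block CRCs from each data link frame, then joins the transport segments into an application layer message. The function names, the `build_frame` helper and the sample frames are constructed for illustration, and only transport-level segments are handled, not application-layer fragments.

```python
import struct

def crc16_dnp(data: bytes) -> int:  # CRC-16/DNP: poly 0x3D65 reflected, init 0, inverted
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def link_user_data(frame: bytes) -> bytes:
    # Check the 10-octet header, then strip the CRC that follows each 16-octet block.
    hdr_ok = len(frame) >= 10 and frame[:2] == b"\x05\x64"
    if not hdr_ok or crc16_dnp(frame[:8]) != int.from_bytes(frame[8:10], "little"):
        raise ValueError("bad start octets or header CRC")
    remaining, pos, out = frame[2] - 5, 10, bytearray()  # LEN = CTRL+DEST+SRC+data
    while remaining > 0:
        n = min(16, remaining)
        block, crc = frame[pos:pos + n], frame[pos + n:pos + n + 2]
        if len(crc) < 2 or crc16_dnp(block) != int.from_bytes(crc, "little"):
            raise ValueError(f"bad or missing CRC for block at offset {pos}")
        out, pos, remaining = out + block, pos + n + 2, remaining - n
    return bytes(out)

def reassemble(frames) -> list:
    # Join transport segments, from a FIR segment to a FIN one, into whole messages.
    messages, buf, expect = [], None, None
    for seg in filter(None, map(link_user_data, frames)):
        fin, fir, seq = seg[0] & 0x80, seg[0] & 0x40, seg[0] & 0x3F  # transport octet
        if fir:
            buf = bytearray()  # first segment starts a new message
        elif buf is None or seq != expect:
            buf = None         # gap or stray segment: drop the partial message
            continue
        buf, expect = buf + seg[1:], (seq + 1) & 0x3F
        if fin:
            messages.append(bytes(buf))
            buf = None
    return messages

def build_frame(user_data: bytes, ctrl=0x44, dest=1, src=2) -> bytes:
    # Helper for constructed samples only; the ctrl/dest/src defaults are arbitrary.
    with_crc = lambda b: b + struct.pack("<H", crc16_dnp(b))
    hdr = struct.pack("<2sBBHH", b"\x05\x64", 5 + len(user_data), ctrl, dest, src)
    blocks = (user_data[i:i + 16] for i in range(0, len(user_data), 16))
    return with_crc(hdr) + b"".join(map(with_crc, blocks))

# Constructed sample: one 40-octet message carried in two transport segments.
MESSAGE = bytes(range(40))
FRAMES = [build_frame(b"\x45" + MESSAGE[:20]), build_frame(b"\x86" + MESSAGE[20:])]
```

A frame whose header or block CRC does not match raises `ValueError`, and a segment that arrives without its FIR segment or out of sequence causes the partial message to be dropped.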
