This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Reassembled DNP Application Layer Message

0

Hi,

When I'm examining DNP3 packets, I noticed that you parsed some packets where, in the bytes pane window, there was "Reassemble DNP AL Message".

How can I know how to parse it? (Did you only use the specification?)

Thanks,

asked 05 Mar '14, 00:24

eligator28
accept rate: 0%


One Answer:

1

As a DNP3 datalink layer message body can only be 250 octets long, and as that body only carries 222 octets of payload (2 octet CRC for every 16 octets of data), and as the Transport layer header consumes 1 octet in every data link layer, and as an Application Layer message may be fragmented into multiple parts to ease memory requirements, the dissector extracts all the relevant portions of data from multiple data link messages and reassembles them into the complete application layer message.

The dissector was written with access to the protocol specification and has been tested with numerous actual master and slave devices. You can browse the source code of the dissector here, but note that it uses the Wireshark packet reassembly routines to do the bulk of the work.

answered 05 Mar '14, 03:22

grahamb ♦
accept rate: 22%
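
The reassembly described in the answer, as an added example that is not part of the original answer and is not the Wireshark dissector's code: it checks and strips the CRC after the link header and after each 16-octet block, removes the transport header octet, and joins segments from FIR to FIN. The control octet, addresses, 40-octet segment size and sample message are constructed for illustration.

```python
import struct

def crc_dnp(data: bytes) -> int:  # CRC-16/DNP: poly 0x3D65 reflected, init 0
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF  # output is inverted, sent low octet first

def with_crc(block: bytes) -> bytes:
    return block + struct.pack("<H", crc_dnp(block))

def build_frame(user_data: bytes, ctrl=0xC4, dest=1, src=2) -> bytes:  # sample input only
    header = struct.pack("<2sBBHH", b"\x05\x64", 5 + len(user_data), ctrl, dest, src)
    blocks = (user_data[i:i + 16] for i in range(0, len(user_data), 16))
    return with_crc(header) + b"".join(with_crc(b) for b in blocks)

def link_payload(frame: bytes) -> bytes:
    """Check every CRC and return the frame's user data with the CRCs removed."""
    if frame[:2] != b"\x05\x64" or with_crc(frame[:8]) != frame[:10] or frame[2] < 5:
        raise ValueError("bad link header (start octets, CRC or length)")
    data, pos, remaining = b"", 10, frame[2] - 5
    while remaining > 0:
        n = min(16, remaining)
        block = frame[pos:pos + n]
        if len(block) != n or with_crc(block) != frame[pos:pos + n + 2]:
            raise ValueError("truncated block or data CRC mismatch")
        data, pos, remaining = data + block, pos + n + 2, remaining - n
    return data

def reassemble(frames) -> bytes:
    """Join transport segments from FIR to FIN into one application message."""
    message, expected = None, None
    for frame in frames:
        segment = link_payload(frame)
        if not segment:
            continue  # link-layer-only frame, nothing to reassemble
        if segment[0] & 0x40:  # FIR: first segment sets the starting sequence
            message, expected = b"", segment[0] & 0x3F
        if message is None or segment[0] & 0x3F != expected:
            raise ValueError("segment out of sequence")
        message, expected = message + segment[1:], (expected + 1) & 0x3F
        if segment[0] & 0x80:  # FIN: final segment completes the message
            return message
    raise ValueError("no FIN segment seen")

APP = bytes(range(100))  # constructed stand-in for an application layer message
HEADERS = [0x40 | 62, 63, 0x80 | 0]  # FIR seq 62, seq 63, FIN seq 0 (wraps)
FRAMES = [build_frame(bytes([h]) + APP[i * 40:i * 40 + 40]) for i, h in enumerate(HEADERS)]
```

A flipped bit in any frame or a missing middle segment makes `reassemble` raise `ValueError` instead of returning a partial message.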