I get "Unknown Object - Abort Decoding" for DNP3 object 111. I know the data is correct by looking at the output from my ASE 2000 Communications test set. Most objects are decoded correctly, but some are not. asked 07 Apr '16, 05:43 DNP3Master edited 07 Apr '16, 08:31 Jim Aragon showing 5 of 7 show 2 more comments |
One Answer:
From the comments it becomes clear that the relevant dissection wasn't yet implemented in that old Wireshark version. answered 07 Apr '16, 14:40 Jaap ♦ |
It seems to be present in the code,
So without a look at the offeding packet it's hard to tell
I added that back in 2011 (complete with erroneous comment) so it should be in 1.12.5. I'm fairly certain I've seen dissections of that object.
As @Jaap says, please share the capture with the packet somewhere publicly available.
Wait, are you asking about version 1.2.15 or 1.12.something?
If you're asking about 1.2.15 then the answer is, based on Graham's comment, because the version you're running is too old.
Oops, unable to parse the version numbers, my brain couldn't believe someone is still running 1.2.15 (built 1st March 2011).
... which (for DNP3Master's benefit) would not include enhancements (like decoding this object) checked in in 2011 since 1.2 was one of the stable branches at the time.
Oh, forgot to mention:
That's because you haven't spent the past N years of your life living in RHEL/CentOS 6 (which shipped with 1.2 and has stayed on 1.2--though http://rpms.famillecollet.com/rpmphp/zoom.php?rpm=wireshark seems to indicate that RHEL 6 has actually upgraded to 1.8.
@JeffMorris
Thankfully. Presumably there's folks planning to continue with the next 2N years of their life on RHEL6.