What should the settings be in Wireshark 1.6.3 [Version 1.6.3 (SVN Rev 39702 from /trunk-1.6)] in Decode As, to properly analyze or capture DNP3 communication?
Specifically, what selection should be made under "Decode As" in the right window for each of the tabs: Link, Network, Protocol?
When I tried the default selection, it did not decode any DNP3 traffic.
Any suggestion or help is greatly appreciated. Stanko K.
asked 15 Nov '11, 06:34
edited 26 Feb '12, 21:19
The DNP3 dissector has a default port of 20000 as per the IANA registration, so any traffic (TCP or UDP) arriving on this port should be dissected. For traffic on other ports, use the "Decode As ..." option and on the Transport tab select the source or destination (or both) ports and "DNP3.0" as the protocol for those ports. You shouldn't need to change anything on the Link or Network tabs.
answered 15 Nov '11, 07:08
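To find which non-default ports need the "Decode As" setting described in the answer, this added example (not part of the original thread) checks transport payloads for a valid DNP3 link-layer header: start octets 0x05 0x64 followed by a header whose CRC-16/DNP matches. The function names, port numbers and payloads in `SAMPLE` are constructed for illustration.

```python
import struct

DNP3_START = b"\x05\x64"  # DNP3 link-layer start octets

def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: reflected polynomial 0xA6BC, init 0, final complement."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def parse_dnp3_header(payload: bytes):
    """Return header fields if payload starts with a valid 10-byte DNP3 link header."""
    if len(payload) < 10 or payload[:2] != DNP3_START:
        return None
    length, control, dst, src, crc = struct.unpack("<BBHHH", payload[2:10])
    # LENGTH counts control + addresses + user data, so it is never below 5.
    if length < 5 or crc != crc16_dnp(payload[:8]):
        return None
    return {"length": length, "control": control, "dst": dst, "src": src}

def dnp3_ports(segments):
    """segments: iterable of (port, payload); returns sorted ports carrying DNP3."""
    return sorted({port for port, data in segments if parse_dnp3_header(data)})

def build_header(control, dst, src, length=5):
    """Helper used only to construct sample frames (header block, no user data)."""
    body = DNP3_START + struct.pack("<BBHH", length, control, dst, src)
    return body + struct.pack("<H", crc16_dnp(body))

# Constructed sample: (port, first bytes of the transport payload)
SAMPLE = [
    (20000, build_header(0xC4, 3, 4)),                  # IANA default port
    (20547, build_header(0x44, 4, 3)),                  # DNP3 on another port
    (502, bytes.fromhex("000100000006010300000002")),   # not DNP3
    (8080, DNP3_START + b"\x00" * 8),                   # start octets, bad header
]

if __name__ == "__main__":
    for port in dnp3_ports(SAMPLE):
        note = "dissected by default" if port == 20000 else "set Decode As -> DNP3.0"
        print(port, note)
```

Ports reported other than 20000 are the ones to select on the Transport tab of "Decode As".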