tcpdump mailing list archives

Re: Request for new DLT and LINKTYPE value


From: "Edgar, Thomas" <thomas.edgar () pnl gov>
Date: Fri, 16 Apr 2010 10:10:38 -0700

On Apr 15, 2010, at 11:26 AM, Guy Harris wrote:


So, for all of the following:

DNP3 Serial framing (DLT_DNP3 and LINKTYPE_DNP3)
Modbus RTU Framing (DLT_MODBUS and LINKTYPE_MODBUS)
SSCP Framing (In the process of making this protocol an IEEE standard which is the impetus for this work) (DLT_SSCP and LINKTYPE_SSCP)

presumably there's a protocol specification somewhere.  Could you indicate how that specification can be obtained 
(even if it costs money), and whether each packet will include all of the raw octets read from the serial line in the 
frame, or whether any transformation would be done (for example, with HDLC framing, escaping is necessary for octets 
with the same value as the frame delimiter or, as I remember, the escape octet value, which could be left intact or 
could be removed)?

(I'm assuming that no transformation of the octets would be done for DLT_SERIAL/LINKTYPE_SERIAL, as you don't know 
what the protocol is in that case.)

DNP3
The protocol specification can be obtained from www.dnp.org.  However it requires the purchase of a membership to get 
access to the document library.  No transformation will be performed on the packets pulled from the line.

Modbus
The Modbus protocol specifications can be obtained from www.modbus.org.  It is free to download but will require 
agreement to their Terms and Conditions.  I expect no transformation will be performed on the packets captured but I 
haven't gotten to this yet so I make no guarantees yet.

Secure SCADA Communication Protocol (SSCP)
The SSCP has not been standardized yet so there is no publicly available method to get its specification yet.  However, 
we are working with an IEEE group to make it into a standard.  I expect it to go out to ballot in a few months.  No 
transformation will be performed on the packets captured.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
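
The escaping question raised in the quoted text above, as an added example that is not part of the original message or of libpcap: HDLC-like byte stuffing with the flag (0x7E) and escape (0x7D, XOR 0x20) values from RFC 1662, showing how the octets on the line differ from the de-escaped frame a capture could record instead. The function names and the sample payload are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Values from RFC 1662 HDLC-like framing; they are not given on this page. */
#define HDLC_FLAG 0x7E  /* frame delimiter */
#define HDLC_ESC  0x7D  /* control escape */
#define HDLC_XOR  0x20  /* escaped octet = original ^ 0x20 */

/* Payload -> octets as seen on the line. out must hold 2*n + 2 octets. */
size_t hdlc_stuff(const uint8_t *in, size_t n, uint8_t *out) {
    size_t o = 0;
    out[o++] = HDLC_FLAG;
    for (size_t i = 0; i < n; i++) {
        uint8_t c = in[i];
        if (c == HDLC_FLAG || c == HDLC_ESC) {
            out[o++] = HDLC_ESC;
            c ^= HDLC_XOR;
        }
        out[o++] = c;
    }
    out[o++] = HDLC_FLAG;
    return o;
}

/* Octets as seen on the line -> payload length, or -1 for a malformed frame. */
long hdlc_unstuff(const uint8_t *in, size_t n, uint8_t *out) {
    size_t o = 0;
    if (n < 2 || in[0] != HDLC_FLAG || in[n - 1] != HDLC_FLAG)
        return -1;
    for (size_t i = 1; i < n - 1; i++) {
        uint8_t c = in[i];
        if (c == HDLC_FLAG) return -1;       /* bare delimiter inside the frame */
        if (c == HDLC_ESC) {
            if (++i >= n - 1) return -1;     /* escape with no octet after it */
            c = (uint8_t)(in[i] ^ HDLC_XOR);
        }
        out[o++] = c;
    }
    return (long)o;
}

int main(void) {
    const uint8_t payload[] = {0x05, 0x7E, 0x64, 0x7D, 0x01}; /* constructed sample */
    uint8_t wire[2 * sizeof payload + 2], back[sizeof payload];
    size_t w = hdlc_stuff(payload, sizeof payload, wire);  /* 9 octets on the line */
    long p = hdlc_unstuff(wire, w, back);                  /* 5 octets de-escaped */
    return (p == (long)sizeof payload && memcmp(back, payload, sizeof payload) == 0) ? 0 : 1;
}
```

A dissector that assumes the wrong form for a link type either leaves escape octets in the payload or rejects valid frames, which is why a link-type definition has to state whether the recorded octets are transformed.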

