...
This Odysseus feature uses jNetPcappcapng-decoder.
...
Pcap protocol handler
In Odysseus, a file transport handler is implemented to read Pcap files. Writing Pcap files is currently not supported! See the examples below for the usage of the transport handler in combination with the IEC 60870-5-104 protocol handlerthe output of the decoder is tranformed into a KeyValueObject that contains all available information. See the example below.
| Code Block |
|---|
#PARSER PQL #RUNQUERY pcap_input := ACCESS({ transport = 'pcapfilefile', protocol = 'iec60870-5-104pcap', wrapper = 'GENERICPUSHGenericPull', source = 'Pcap', datahandler = 'tuplekeyvalueobject', options = [ ['filefilename', 'somepcapfile.pcap']], ] schema = [ ['typeId', 'object'], ['isSequenceOfElements', 'boolean'], ['causeOfTransmission', 'object'], ['test', 'boolean'], ['negativeConfirm', 'boolean'], ['originatorAddress', 'integer'], ['commonAddress', 'integer'], ['sequenceLength', 'integer'], ['informationObjects', 'list'], ['areInfosPrivate', 'boolean'] ] } ) |
Data types
...
) |
- The ASDU is the payload of the application protocol data unit (APDU). Its structure is defined in IEC 60870-5-104. The ASDU consists of the Data Unit Identifier and a number of Information Objects. The Data Unit Identifier contains:
...
- The first byte codes the actual
CauseOfTransmission, a bit indicating whether the message was sent for test purposes only and a bit indicating whether a confirmation message is positive or negative. The optional second byte of the Cause of Transmission field is the Originator Address. It is the address of the originating controlling station so that responses can be routed back to it.
...
- the address of the target station or the broadcast address. If the field length of the common address is 1 byte then the addresses 1 to 254 are used to address a particular station (station address) and 255 is used for broadcast addressing. If the field length of the common address is 2 bytes then the addresses 1 to 65534 are used to address a particular station and 65535 is used for broadcast addressing. Broadcast addressing is only allowed for certain TypeIDs.
...
In Odysseus, the IEC 60870-5-104 transport handler sends a tuple to the data handler with the following schema:
- typeId: Object
- isSequenceOfElements: Boolean
- causeOfTransmission: Object
- test: Boolean
- negativeConfirm: Boolean
- originatorAddress: Integer
- commonAddress: Integer
- sequenceLength: Integer
- informationObjects: List
- areInfosPrivate: Boolean
...