Hi, I would like to request a custom DLT type for the Schweitzer
Engineering Laboratories "RTAC" product. Information on the
product/purpose of the DLT is included below:
The RTAC product family (SEL-3530, SEL-2241, SEL-3505) is a Linux-based
Automation Controller product that is capable of interfacing with SEL and
3rd-party equipment using a variety of standard industrial protocols such
as SEL FM, DNP3, Modbus, C37.118, Telegyr 8979 and others. Each protocol
instance (master/client or slave/server) is configured to utilize either
Ethernet or EIA-232/485 serial connectivity with protocol variations for
each medium taken into account. More information is available at
www.selinc.com/sel-3530
The configuration software for the RTAC platform is named AcSELerator RTAC
(SEL-5033) and is used to set up all communications and user logic for the
controller as well as provide downloading and online debugging facilities.
One particularly useful aspect of the online debugging capabilities is a
robust Communication Monitor tool that can show raw data streams from
either serial or Ethernet interfaces. Many similar products have this
same capability but the RTAC software goes a step beyond by providing a
"save-as" function to save all captured data into pcap format for further
analysis in Wireshark.
All Ethernet-based capture files will have a packets with a "Linux Cooked
Capture" Ethernet-header including the "source" MAC address of the device
responsible for the generation of the message and the TCP/IP header(s)
maintained from the original conversation. The application data from the
message will follow as per a standard Wireshark packet.
Serial-based pcap capture files are stored using "User 0" DLT type 147 to
specify a user-defined dissector for pcap data and contain a standard
12-byte serial data header followed by the application payload data from
actual rx/tx activity on the line. Some useful information can be
retrieved from the 12-byte header information, such as conversation
time-stamps, UART function and EIA-232 serial control line states at the
time of the message.
The dissector is intended to be called from the DLT_USER preferences
configuration with User 0 (DLT=147) set with a 'Header Size' of '12' and a
'Header Protocol' of 'rtacser'. The 'Payload Protocol' can be configured
to use whatever standardized industrial protocol is present on the line
for attempted dissection (selfm, mbrtu, dnp3.udp, synphasor)
The general format of this 12-byte header is as follows:
+---+
| Relative TimeStamp (Left) |
| (4 Bytes)|
+---+
| Relative TimeStamp (Right)|
| (4 Bytes)|
+---+
| Serial Event Type |
| (1 Byte) |
+---+
| UART Control Line State |
| (1 Byte) |
+---+
| Footer |
| (2 Bytes) |
+---+
| Payload |
. .
. .
. .
1) The relative timestamp is 8 bytes, the "left" and "right" components
are 32-bit integers representing the left and right-hand side of the
decimal point, respectively
2) The Serial Event type represents the type of packet entry in the pcap
file:
{ 0x00, "STATUS_CHANGE" },
{ 0x01, "DATA_TX_START" },
{ 0x02, "DATA_RX_START" },
{ 0x03, "DATA_TX_END" },
{ 0x04, "DATA_RX_END" },
{ 0x05, "CAPTURE_DATA_LOST" },
{ 0x06, "CAPTURE_COMPLETE" },
{ 0x07, "FRAMING_ERROR" },
{ 0x08, "PARITY_ERROR" },
{ 0x09, "SERIAL_BREAK_EVENT"},
{ 0x0A, "SERIAL_OVERFLOW_EVENT" },
3) The UART Control Line State is a masked-bit representation of the
serial UART lines (asserted, de-asserted) at the time of the packet
generation:
CTS 0x01
DCD 0x02
DSR 0x04
RTS 0x08
DTR 0x10
RING 0x20
MBOK 0x40
4) The 2-byte footer is undefined and for future use.
The Wireshark code submission currently exists at:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8644. The current
plan is to have a User Preference for the payload protocol decoding,
selecting DNP3, Modbus, Synchrophasor or SELFM.
Let me know if any more details are needed.
Thanks,
Chris Bontje
Schweitzer Engineering Labs
Automation Application Specialist, SW Region
(509)334-5664
chris_bon...@selinc.com
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
