I’m trying to create my first protocol analyzer with BinPac for the synchrophasor protocol (IEEE Std C37.118) – from what I can tell, nobody has made an analyzer for it yet. I’m trying to define the message format in synchrophasor-protocol.pac. However, stuff like the format of data packets is based on a previously sent configuration packet. How do I write synchrophasor-protocol.pac so I can parse them based on the previously sent packet? Here’s some documentation on the protocol if you need it: http://smartgridcenter.tamu.edu/resume/pdf/1/SynPhasor_std.pdf
Again, this is my first time trying to write a protocol analyzer with BinPac, so sorry if this is obvious.
I have not read C37.118 in detail before. But I contributed the DNP3 analyzer in Bro, both on top of TCP and UDP; maybe you can take a look. DNP3 also has some similar characteristics, like the parsing of the current packets depending on the previous packet. Hope this helps.
I took a look at the DNP3 files, but I couldn’t find anything that helps with my use case - maybe I’m just blind and I missed it. However, I did find this older question that fits pretty close to mine: https://marc.info/?l=bro&m=146194027831545&w=2
I still feel like there’s probably a better way to solve this issue than what’s presented. I’ll try it out though, unless anyone knows of any better methods.
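The state dependency asked about in this thread, as an added example that is not from any poster or from Bro: a Python sketch (not BinPAC) that stores the per-PMU layout from a configuration frame 2 and uses it to size and decode later data frames on the same IDCODE. It assumes the CFG-2 and data-frame field order of C37.118, does not verify CHK, and all function names and sample frames are constructed for illustration.

```python
import struct
configs = {}  # IDCODE of the stream -> [(FORMAT, PHNMR, ANNMR, DGNMR), ...] per PMU

def parse_cfg2(body):
    num_pmu, = struct.unpack_from(">H", body, 4)            # follows TIME_BASE(4)
    off, pmus = 6, []
    for _ in range(num_pmu):
        fmt, ph, an, dg = struct.unpack_from(">4H", body, off + 18)  # after STN(16), IDCODE(2)
        pmus.append((fmt, ph, an, dg))
        # skip CHNAM (16 bytes per name), PHUNIT/ANUNIT/DIGUNIT, FNOM(2), CFGCNT(2)
        off += 26 + 16 * (ph + an + 16 * dg) + 4 * (ph + an + dg) + 4
    return pmus

def parse_data(body, pmus):
    off, out = 0, []
    for fmt, ph, an, dg in pmus:
        ph_sz = 8 if fmt & 2 else 4      # FORMAT bit 1: float vs 16-bit integer phasors
        an_sz, fr_sz = (4 if fmt & 4 else 2), (4 if fmt & 8 else 2)  # bits 2 and 3
        need = 2 + ph * ph_sz + 2 * fr_sz + an * an_sz + 2 * dg
        if off + need > len(body):
            raise ValueError("data frame shorter than the configuration implies")
        code = ">ff" if fmt & 2 else (">Hh" if fmt & 1 else ">hh")  # bit 0: polar
        phasors = [struct.unpack_from(code, body, off + 2 + i * ph_sz) for i in range(ph)]
        out.append({"stat": struct.unpack_from(">H", body, off)[0], "phasors": phasors})
        off += need
    if off != len(body):
        raise ValueError("data frame longer than the configuration implies")
    return out

def parse_frame(buf):
    sync, size, idcode = struct.unpack_from(">3H", buf, 0)
    if sync >> 8 != 0xAA or size != len(buf) or size < 16:
        raise ValueError("bad SYNC or FRAMESIZE")
    ftype, body = (sync >> 4) & 7, buf[14:-2]   # body skips SOC/FRACSEC and CHK
    if ftype == 3:                              # configuration frame 2: remember layout
        configs[idcode] = parse_cfg2(body)
        return "config", configs[idcode]
    if ftype == 0:                              # data frame: needs the stored layout
        if idcode not in configs:
            return "data-undecodable", None
        return "data", parse_data(body, configs[idcode])
    return "other", None

def frame(ftype, idcode, body):  # builds constructed samples; CHK is zero, not a real CRC
    return struct.pack(">3H2I", 0xAA01 | ftype << 4, 16 + len(body), idcode, 0, 0) + body + b"\0\0"

# Constructed sample: one PMU, two 16-bit rectangular phasors, no analog/digital words.
CFG = frame(3, 7, struct.pack(">IH16s5H", 1000000, 1, b"STATION A", 7, 0, 2, 0, 0)
            + bytes(40) + struct.pack(">3H", 0, 1, 30))
DATA = frame(0, 7, struct.pack(">H6h", 0, 100, -5, 99, 4, 0, 0))
```

A data frame seen before its configuration is reported as undecodable rather than guessed at, and a length that disagrees with the stored layout is rejected, which is also the point at which a monitor would flag a malformed or spoofed frame.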