DINA-community / ot-parsers

a collection of OT and ICS protocol parsers for Zeek
BSD 3-Clause "New" or "Revised" License

Tested and integrated ASDU Types C_SE_NB_1, M_BO_TB_1, C_RD_NA_1 and C_RP_NA_1 #6

Closed georgemakrakis closed 5 months ago

georgemakrakis commented 6 months ago

Dear team,

This PR adds some Spicy events and parsing for C_SE_NB_1, M_BO_TB_1, C_RD_NA_1 and C_RP_NA_1. These have been tested using the following PCAPs:

"20200608_UOWM_IEC104_Dataset_mitm_drop", "20200605_UOWM_IEC104_Dataset_c_rd_na_1", "20200606_UOWM_IEC104_Dataset_c_rp_na_1"

in: https://zenodo.org/record/7108614#.ZFR6oJHML0o

Let me know if there is any ambiguity regarding any of the parsed fields and I will adjust them.

George.

Crubumble commented 6 months ago

Thanks George for the ongoing contribution.

JPLettuce commented 5 months ago

Sorry for the delay due to my absence~ Thank you for the improvements; it did not break in a short test, so I merged it into the development branch for 104 for now (so that it is out of your way until we get further testing done) and will merge it later into master with all pending changes.

Appreciatively, JPL~

georgemakrakis commented 5 months ago

Thank you @JPLettuce and @Crubumble! If any issue arises regarding this part, please let me know.