Not able to parse the data from the .pcap file created using tcpdump

[kartikeyj96]

Hello. I created a pcap file using this command. sudo tcpdump -i ens33 -v -nn -c8 'ether proto 0x88B8' -w goose_packets.pcap

Then I use the goose_parser.py to extract the data from the file. But it shows this error

One more thing. The pcap file which you provided contains this data in GOOSE PDU header

And the pcap file which I created contains data in this format

Can you explain how to extract this data?

[bladane]

Hi,

maybe I can help. The problem is in goose_pdu.py. It was generated with pyasn1 library (from goose.asn) but it cannot handle correctly the recursion. And you have structure within structure that means - recursion. See here (Data is referencing to itself): Data.componentType = namedtype.NamedTypes( namedtype.NamedType('array', univ.SequenceOf(componentType=Data()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('structure', univ.SequenceOf(componentType=Data()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), .....

I resolved it in my project in more ugly way by copying and multiplying Data class into Data1, Data2 and Data3 where Data is referencing Data1 (where Data was), Data1 to Data2, Data2 to Data3 and Data 3 is with any. class Data3(univ.Choice): pass

Data3.componentType = namedtype.NamedTypes( namedtype.NamedType( "array", univ.SequenceOf(componentType=univ.Any()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)),), namedtype.NamedType( "structure", univ.SequenceOf(componentType=univ.Any()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)),), .....

Thus, I expanded recursion into enough Data types.

I tried to extend pyasn1 to resolve recursion correctly, but I was not skillful enough.

[kartikeyj96]

Hi,

maybe I can help. The problem is in goose_pdu.py. It was generated with pyasn1 library (from goose.asn) but it cannot handle correctly the recursion. And you have structure within structure that means - recursion. See here (Data is referencing to itself): Data.componentType = namedtype.NamedTypes( namedtype.NamedType('array', univ.SequenceOf(componentType=Data()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('structure', univ.SequenceOf(componentType=Data()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), .....

I resolved it in my project in more ugly way by copying and multiplying Data class into Data1, Data2 and Data3 where Data is referencing Data1 (where Data was), Data1 to Data2, Data2 to Data3 and Data 3 is with any. class Data3(univ.Choice): pass

Data3.componentType = namedtype.NamedTypes( namedtype.NamedType( "array", univ.SequenceOf(componentType=univ.Any()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)),), namedtype.NamedType( "structure", univ.SequenceOf(componentType=univ.Any()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)),), .....

Thus, I expanded recursion into enough Data types.

I tried to extend pyasn1 to resolve recursion correctly, but I was not skillful enough.

Thanks for the reply and sorry for replying you this late but can you explain exactly how did you use recursion here. I am not able to apply this logic. Can you provide some code snippet if possible?

Thanks

[bladane]

Hi Jain,

I tried to find your mail to send you my version of goose_pdu.py. It has 800 lines so I would not like to post it here. Suggest me how to share the generated goose.py with you and I will do it.

BR

[Ralle001]

Hi Jain,

I tried to find your mail to send you my version of goose_pdu.py. It has 800 lines so I would not like to post it here. Suggest me how to share the generated goose.py with you and I will do it.

BR

Hi! I know its been some time, but by any chance could you share it with me please: treszlerdonat[at]gmail[dot]com