
@jasonish
Created May 21, 2015 17:53
DNP3 logging with payload and object data
{
"alert": {
"tx_id": 0,
"severity": 3,
"category": "",
"signature": "DNP3 Sample function code match",
"rev": 1,
"signature_id": 1,
"gid": 1,
"action": "allowed"
},
"proto": "TCP",
"timestamp": "2015-04-09T13:19:22.618201-0600",
"flow_id": 106790066891968,
"pcap_cnt": 5,
"event_type": "alert",
"src_ip": "127.0.0.1",
"src_port": 20000,
"dest_ip": "127.0.0.1",
"dest_port": 46530
}
{
"alert": {
"tx_id": 0,
"severity": 3,
"category": "",
"signature": "DNP3 Sample function code match",
"rev": 1,
"signature_id": 1,
"gid": 1,
"action": "allowed"
},
"proto": "TCP",
"timestamp": "2015-04-09T13:19:22.618275-0600",
"flow_id": 106790066891968,
"pcap_cnt": 7,
"event_type": "alert",
"src_ip": "127.0.0.1",
"src_port": 46530,
"dest_ip": "127.0.0.1",
"dest_port": 20000
}
{
"alert": {
"severity": 3,
"category": "",
"signature": "DNP3 Content match, any direction",
"rev": 1,
"signature_id": 3,
"gid": 1,
"action": "allowed"
},
"proto": "TCP",
"timestamp": "2015-04-09T13:19:22.618275-0600",
"flow_id": 106790066891968,
"pcap_cnt": 7,
"event_type": "alert",
"src_ip": "127.0.0.1",
"src_port": 46530,
"dest_ip": "127.0.0.1",
"dest_port": 20000
}
{
"dnp3": {
"application": {
"objects": [
{
"data": "PAIG",
"range": 6,
"prefix": 0,
"variation": 2,
"group": 60
},
{
"data": "PAMG",
"range": 6,
"prefix": 0,
"variation": 3,
"group": 60
},
{
"data": "PAQG",
"range": 6,
"prefix": 0,
"variation": 4,
"group": 60
}
],
"function_code": 21,
"control": {
"sequence": 0,
"uns": false,
"con": false,
"fin": true,
"fir": true,
"value": 192
}
},
"transport": {
"sequence": 0,
"fir": true,
"fin": true,
"value": 192
},
"payload": "wBU8AgY8AwY8BAY=",
"dst": 10,
"src": 1,
"control": {
"function_code": 4,
"fcv": false,
"fcb": false,
"pri": true,
"dir": true,
"value": 196
},
"type": "request"
},
"proto": "TCP",
"timestamp": "2015-04-09T13:19:22.618275-0600",
"flow_id": 106790066891968,
"pcap_cnt": 7,
"event_type": "dnp3",
"src_ip": "127.0.0.1",
"src_port": 46530,
"dest_ip": "127.0.0.1",
"dest_port": 20000
}
{
"dnp3": {
"iin": {
"indicators": [],
"value": 0
},
"application": {
"objects": [],
"function_code": 129,
"control": {
"sequence": 0,
"uns": false,
"con": false,
"fin": true,
"fir": true,
"value": 192
}
},
"transport": {
"sequence": 10,
"fir": true,
"fin": true,
"value": 202
},
"payload": "127.0.0.1",
"dst": 1,
"src": 10,
"control": {
"function_code": 4,
"fcv": false,
"fcb": false,
"pri": true,
"dir": false,
"value": 68
},
"type": "response"
},
"proto": "TCP",
"timestamp": "2015-04-09T13:19:22.618275-0600",
"flow_id": 106790066891968,
"pcap_cnt": 7,
"event_type": "dnp3",
"src_ip": "127.0.0.1",
"src_port": 46530,
"dest_ip": "127.0.0.1",
"dest_port": 20000
}
{
"alert": {
"severity": 3,
"category": "",
"signature": "DNP3 Content match, any direction",
"rev": 1,
"signature_id": 3,
"gid": 1,
"action": "allowed"
},
"proto": "TCP",
"timestamp": "2015-04-09T13:19:22.657818-0600",
"flow_id": 106790066891968,
"pcap_cnt": 10,
"event_type": "alert",
"src_ip": "127.0.0.1",
"src_port": 46530,
"dest_ip": "127.0.0.1",
"dest_port": 20000
}
{
"dnp3": {
"application": {
"objects": [
{
"data": "PAIG",
"range": 6,
"prefix": 0,
"variation": 2,
"group": 60
},
{
"data": "PAMG",
"range": 6,
"prefix": 0,
"variation": 3,
"group": 60
},
{
"data": "PAQG",
"range": 6,
"prefix": 0,
"variation": 4,
"group": 60
},
{
"data": "PAEG",
"range": 6,
"prefix": 0,
"variation": 1,
"group": 60
}
],
"function_code": 1,
"control": {
"sequence": 1,
"uns": false,
"con": false,
"fin": true,
"fir": true,
"value": 193
}
},
"transport": {
"sequence": 1,
"fir": true,
"fin": true,
"value": 193
},
"payload": "wQE8AgY8AwY8BAY8AQY=",
"dst": 10,
"src": 1,
"control": {
"function_code": 4,
"fcv": false,
"fcb": false,
"pri": true,
"dir": true,
"value": 196
},
"type": "request"
},
"proto": "TCP",
"timestamp": "2015-04-09T13:19:22.657857-0600",
"flow_id": 106790066891968,
"pcap_cnt": 12,
"event_type": "dnp3",
"src_ip": "127.0.0.1",
"src_port": 46530,
"dest_ip": "127.0.0.1",
"dest_port": 20000
}
{
"dnp3": {
"iin": {
"indicators": [],
"value": 0
},
"application": {
"objects": [
{
"data": "AQIAAAkCAgICAgICAgIC",
"range": 0,
"prefix": 0,
"variation": 2,
"group": 1
},
{
"data": "AwIAAAkCAgICAgICAgIC",
"range": 0,
"prefix": 0,
"variation": 2,
"group": 3
},
{
"data": "FAEAAAkCAAAAAAIAAAAAAgAAAAACAAAAAAIAAAAAAgAAAAACAAAAAAIAAAAAAgAAAAACAAAAAA==",
"range": 0,
"prefix": 0,
"variation": 1,
"group": 20
},
{
"data": "FQEAAAkCAAAAAAIAAAAAAgAAAAACAAAAAAIAAAAAAgAAAAACAAAAAAIAAAAAAgAAAAACAAAAAA==",
"range": 0,
"prefix": 0,
"variation": 1,
"group": 21
},
{
"data": "HgUAAAACAAAAAA==",
"range": 0,
"prefix": 0,
"variation": 5,
"group": 30
},
{
"data": "HgEAAQkCAAAAAAIAAAAAAgAAAAACAAAAAAIAAAAAAgAAAAACAAAAAAIAAAAAAgAAAAA=",
"range": 0,
"prefix": 0,
"variation": 1,
"group": 30
},
{
"data": "CgIAAAkCAgICAgICAgIC",
"range": 0,
"prefix": 0,
"variation": 2,
"group": 10
},
{
"data": "KAEAAAkCAAAAAAIAAAAAAgAAAAACAAAAAAIAAAAAjAIAAAAAAgAAAAACAAAAAAIAAAAAAgAAAA==",
"range": 0,
"prefix": 0,
"variation": 1,
"group": 40
}
],
"function_code": 129,
"control": {
"sequence": 1,
"uns": false,
"con": false,
"fin": true,
"fir": true,
"value": 193
}
},
"transport": {
"sequence": 11,
"fir": true,
"fin": false,
"value": 75
},
"payload": "wYEAAAECAAAJAgICAgICAgICAgMCAAAJAgICAgICAgICAhQBAAAJAgAAAAACAAAAAAIAAAAAAgAAAAACAAAAAAIAAAAAAgAAAAACAAAAAAIAAAAAAgAAAAAVAQAACQIAAAAAAgAAAAACAAAAAAIAAAAAAgAAAAACAAAAAAIAAAAAAgAAAAACAAAAAAIAAAAAHgUAAAACAAAAAB4BAAEJAgAAAAACAAAAAAIAAAAAAgAAAAACAAAAAAIAAAAAAgAAAAACAAAAAAIAAAAACgIAAAkCAgICAgICAgICKAEAAAkCAAAAAAIAAAAAAgAAAAACAAAAAAIAAAAAjAIAAAAAAgAAAAACAAAAAAIAAAAAAgAAAAA=",
"dst": 1,
"src": 10,
"control": {
"function_code": 4,
"fcv": false,
"fcb": false,
"pri": true,
"dir": false,
"value": 68
},
"type": "response"
},
"proto": "TCP",
"timestamp": "2015-04-09T13:19:22.657857-0600",
"flow_id": 106790066891968,
"pcap_cnt": 12,
"event_type": "dnp3",
"src_ip": "127.0.0.1",
"src_port": 46530,
"dest_ip": "127.0.0.1",
"dest_port": 20000
}
{
"alert": {
"tx_id": 1,
"severity": 3,
"category": "",
"signature": "DNP3 Sample object match",
"rev": 1,
"signature_id": 4,
"gid": 1,
"action": "allowed"
},
"proto": "TCP",
"timestamp": "2015-04-09T13:19:22.659702-0600",
"flow_id": 106790066891968,
"pcap_cnt": 14,
"event_type": "alert",
"src_ip": "127.0.0.1",
"src_port": 20000,
"dest_ip": "127.0.0.1",
"dest_port": 46530
}
{
"alert": {
"severity": 3,
"category": "",
"signature": "DNP3 Content match, any direction",
"rev": 1,
"signature_id": 3,
"gid": 1,
"action": "allowed"
},
"proto": "TCP",
"timestamp": "2015-04-09T13:19:22.659894-0600",
"flow_id": 106790066891968,
"pcap_cnt": 15,
"event_type": "alert",
"src_ip": "127.0.0.1",
"src_port": 46530,
"dest_ip": "127.0.0.1",
"dest_port": 20000
}
{
"dnp3": {
"application": {
"objects": [
{
"data": "PAIG",
"range": 6,
"prefix": 0,
"variation": 2,
"group": 60
},
{
"data": "PAMG",
"range": 6,
"prefix": 0,
"variation": 3,
"group": 60
},
{
"data": "PAQG",
"range": 6,
"prefix": 0,
"variation": 4,
"group": 60
}
],
"function_code": 20,
"control": {
"sequence": 2,
"uns": false,
"con": false,
"fin": true,
"fir": true,
"value": 194
}
},
"transport": {
"sequence": 2,
"fir": true,
"fin": true,
"value": 194
},
"payload": "whQ8AgY8AwY8BAY=",
"dst": 10,
"src": 1,
"control": {
"function_code": 4,
"fcv": false,
"fcb": false,
"pri": true,
"dir": true,
"value": 196
},
"type": "request"
},
"proto": "TCP",
"timestamp": "2015-04-09T13:19:22.659894-0600",
"flow_id": 106790066891968,
"pcap_cnt": 15,
"event_type": "dnp3",
"src_ip": "127.0.0.1",
"src_port": 46530,
"dest_ip": "127.0.0.1",
"dest_port": 20000
}
{
"dnp3": {
"iin": {
"indicators": [],
"value": 0
},
"application": {
"objects": [],
"function_code": 129,
"control": {
"sequence": 2,
"uns": false,
"con": false,
"fin": true,
"fir": true,
"value": 194
}
},
"transport": {
"sequence": 13,
"fir": true,
"fin": true,
"value": 205
},
"payload": "127.0.0.1",
"dst": 1,
"src": 10,
"control": {
"function_code": 4,
"fcv": false,
"fcb": false,
"pri": true,
"dir": false,
"value": 68
},
"type": "response"
},
"proto": "TCP",
"timestamp": "2015-04-09T13:19:22.659894-0600",
"flow_id": 106790066891968,
"pcap_cnt": 15,
"event_type": "dnp3",
"src_ip": "127.0.0.1",
"src_port": 46530,
"dest_ip": "127.0.0.1",
"dest_port": 20000
}
{
"dnp3": {
"application": {
"objects": [
{
"data": "PAIG",
"range": 6,
"prefix": 0,
"variation": 2,
"group": 60
}
],
"function_code": 1,
"control": {
"sequence": 3,
"uns": false,
"con": false,
"fin": true,
"fir": true,
"value": 195
}
},
"transport": {
"sequence": 3,
"fir": true,
"fin": true,
"value": 195
},
"payload": "wwE8AgY=",
"dst": 10,
"src": 1,
"control": {
"function_code": 4,
"fcv": false,
"fcb": false,
"pri": true,
"dir": true,
"value": 196
},
"type": "request"
},
"proto": "TCP",
"timestamp": "2015-04-09T13:19:22.699896-0600",
"flow_id": 106790066891968,
"pcap_cnt": 17,
"event_type": "dnp3",
"src_ip": "127.0.0.1",
"src_port": 46530,
"dest_ip": "127.0.0.1",
"dest_port": 20000
}
{
"dnp3": {
"iin": {
"indicators": [],
"value": 0
},
"application": {
"objects": [],
"function_code": 129,
"control": {
"sequence": 3,
"uns": false,
"con": false,
"fin": true,
"fir": true,
"value": 195
}
},
"transport": {
"sequence": 14,
"fir": true,
"fin": true,
"value": 206
},
"payload": "127.0.0.1",
"dst": 1,
"src": 10,
"control": {
"function_code": 4,
"fcv": false,
"fcb": false,
"pri": true,
"dir": false,
"value": 68
},
"type": "response"
},
"proto": "TCP",
"timestamp": "2015-04-09T13:19:22.699896-0600",
"flow_id": 106790066891968,
"pcap_cnt": 17,
"event_type": "dnp3",
"src_ip": "127.0.0.1",
"src_port": 46530,
"dest_ip": "127.0.0.1",
"dest_port": 20000
}