Smart Protocol Analyzer
After installation, a SmartPA Launcher shortcut will appear on your desktop. Double click this shortcut to start SmartPA Launcher.
The SmartPA Launcher shows you some of the communication ports you can monitor. Alternatively, you can select an existing capture file (*.spa) to preview.
After you have opened a communication port or a capture file, select File/Open in the SmartPA main window to get to the 'Load Protocol' dialog:
Browse to your protocol DLL folder if required, select the protocol(s) in the list view, and press OK.
SmartPA SQL is a SQL parser for previously captured or ongoing captures of protocols such as MODBUS ASCII, MODBUS RTU, MODBUS TCP, DNP, BSAP, etc., that lets you find packets matching a user query in a second or so from tens of thousands of packets. This is something you currently cannot do with any other commercial or open-source analyzer. Our first example above is one of the most difficult queries for any standard SQL server, i.e., finding all the rows where one or more columns change value. SmartPA SQL makes it as simple as Select * from p where change(`8030`)=1; This marks all the packets where the value of MODBUS register 8030 has changed. You can, of course, find packets where a MODBUS register has a particular value or a value within a range of interest. You can also compare the value of one register with another register within the same packet. The possibilities of what you can query are virtually endless. SmartPA SQL offers an IntelliSense editor that lets you select the right column names extracted from the selected packet. You can always type the column name that you are looking for, e.g., a MODBUS register, but column names change from protocol to protocol, so IntelliSense lookup is the way to go.
DNP is our second example. DNP is one of the more complicated SCADA protocols. With SmartPA SQL you can query virtually every bit of every DNP protocol field. In the tree view above, all nodes that have a green check mark are fields that you can query as a column name. If you right click such a tree node, it offers an SQL menu option. Selecting it generates a line of SQL query matching that protocol field along with its captured packet value. You can modify the SQL statement as required. With SmartPA SQL you can easily find packets where a particular DNP internal indication bit is set or unset, or a combination of these bits joined with SQL and/or. You can do the same for any DNP object, such as object 1, 2, 10, 12, 20, 30, 50 and more. You can also compare DNP millisecond timestamps with a user-supplied value or a range of values at millisecond resolution, something that even most SQL servers cannot do. SmartPA SQL can query timestamps down to nanosecond resolution. You can compare analog values with any DNP object.variation.point, or compare the value of one object.variation.point with another within the same packet. With the change() function you can find exactly the packets where a particular DNP point value changes. You will be able to find all sorts of packets with unbelievable ease.
Here are some more examples:
select * from p where `3001` > 1234;
select * from p where `30*` > 1234;
The query above selects packets where any register whose name starts with 30 (3001, 3002, 30004, etc.) has a value greater than 1234.
select * from p where `3001` = `3002`;
The query above selects packets where the value of register 3001 is the same as the value of register 3002.
select * from p where `3001` > 2*`3002`;
The query above selects packets where the value of register 3001 is greater than twice the value of register 3002.
select * from p where `40001` in (100,200,300,400);
select * from p where `40001` not in (100,200,300,400);
select * from p where `40001` in (100, 200, `40002`,`40003`);
The queries above select packets where the value of register 40001 is, or is not, in a comma-separated list of values; the list can contain numbers, expressions or even other MODBUS registers.
select * from p where `1.2.0`=1;
select * from p where `30.2.10` between 100 and 500;
select * from p where `30.2.10` like '500.*';
The query above selects packets where 30.2.10 has a value starting with 500.
select * from p where `30.2.10` > `30.2.11`;
The query above selects packets where the value of 30.2.10 is greater than the value of 30.2.11.
select * from p where `32.1.4.On-line`=0
select * from p where `32.1.*.On-line`=0
select * from p where change(`32.1.4.On-line`)=1
The query above selects packets where the value of 32.1.4.On-line changes.
select * from p where change(`30.1.4`,`30.1.5`)=2
The query above selects packets where the values of 30.1.4 and 30.1.5 change together.
select * from p where change(`30.1.4`,`30.1.5`)=1
The query above selects packets where the value of either 30.1.4 or 30.1.5 changes.
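To make the semantics of these queries concrete, here is an added Python illustration (not SmartPA's code or its query engine) that evaluates the same conditions over a small constructed capture: each packet is a dict of column name to value, the way the IntelliSense editor would present register names for the protocol. The register names and values are made up, and reading change(`a`, `b`)=N as "N of the listed columns changed since the previous packet" is an assumption; dotted DNP names such as `30.2.10` are just column names and would work the same way.

```python
from fnmatch import fnmatchcase

# Constructed sample capture (not real traffic): one dict per packet, keyed by the
# column names the analyzer would expose for the protocol (MODBUS registers here).
PACKETS = [
    {"3001": 1000, "3002": 500, "8030": 7, "40001": 100, "40002": 100},
    {"3001": 1300, "3002": 500, "8030": 7, "40001": 200, "40002": 150},
    {"3001": 1300, "3002": 700, "8030": 9, "40001": 250, "40002": 250},
    {"3001": 1500, "3002": 900, "8030": 9, "40001": 300, "40002": 400},
]


def select(packets, predicate):
    """'select * from p where <predicate>': return the indices of matching packets.
    predicate(packets, i) sees the whole capture so it can look at the previous packet."""
    return [i for i in range(len(packets)) if predicate(packets, i)]


def change(packets, i, *cols):
    """Assumed reading of change(`a`, `b`, ...): how many of the named columns differ
    from their value in the previous packet. The first packet has no predecessor and
    is never flagged; a column missing from either packet is not counted as changed."""
    if i == 0:
        return 0
    prev, cur = packets[i - 1], packets[i]
    return sum(1 for c in cols if c in prev and c in cur and prev[c] != cur[c])


def any_column(pkt, pattern, test):
    """Wildcard columns such as `30*`: true if any column whose name matches the
    pattern satisfies the test."""
    return any(test(v) for name, v in pkt.items() if fnmatchcase(name, pattern))


def run_examples(packets=PACKETS):
    """Evaluate the page's example queries; returns {query: matching packet indices}."""
    return {
        # select * from p where change(`8030`)=1;
        "change(`8030`)=1":
            select(packets, lambda p, i: change(p, i, "8030") == 1),
        # select * from p where `30*` > 1234;
        "`30*` > 1234":
            select(packets, lambda p, i: any_column(p[i], "30*", lambda v: v > 1234)),
        # select * from p where `3001` > 2*`3002`;
        "`3001` > 2*`3002`":
            select(packets, lambda p, i: p[i]["3001"] > 2 * p[i]["3002"]),
        # select * from p where `40001` in (100,200,300,400);
        "`40001` in (100,200,300,400)":
            select(packets, lambda p, i: p[i]["40001"] in (100, 200, 300, 400)),
        # select * from p where `40001` in (100, 200, `40002`);  (list holds another register)
        "`40001` in (100, 200, `40002`)":
            select(packets, lambda p, i: p[i]["40001"] in (100, 200, p[i]["40002"])),
        # select * from p where change(`3001`,`3002`)=2   (both change together)
        "change(`3001`,`3002`)=2":
            select(packets, lambda p, i: change(p, i, "3001", "3002") == 2),
        # select * from p where change(`3001`,`3002`)=1   (exactly one of them changes)
        "change(`3001`,`3002`)=1":
            select(packets, lambda p, i: change(p, i, "3001", "3002") == 1),
    }


if __name__ == "__main__":
    for query, hits in run_examples().items():
        print(f"{query:34} -> packets {hits}")
```

The change() test is what makes this useful for review of a long capture: a register that should be static (a setpoint, a configuration word) appearing in the result set is exactly the kind of event worth correlating with the timestamps of the packets around it.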
Without SmartPA SQL you may have to spend days, weeks or even months trying to find packets that SmartPA SQL could find within seconds, especially when looking at large communication logs.
Data is captured if it is a valid protocol packet. The protocol module automatically detects the master or slave setting. Once the data is captured, it can be examined by selecting the packet in the top list view. The list view contains summary information about the captured packets. A detailed description of the selected packet is shown in the tree view at the bottom left: according to the protocol, the packet is broken down into components and displayed in the tree hierarchy. The packet data is shown as raw bytes in the bottom right pane. By selecting an individual packet component in the left tree view, you can highlight the corresponding bytes in the raw data view on the right; the corresponding bytes get a blue foreground.
If you right click on one of the packets in the list view, the following context menu pops up:
If you select bytes in the raw data pane (bottom right), the selected bytes get a black foreground color. Right clicking those selected bytes pops up a context menu as shown above. You may copy the selected data, evaluate it, or map the data to the corresponding tree node.
Here you can calculate the LRC and the CRC16 of the data in the 'Evaluation data' window. Make sure your 'Data Format' selection matches the type of data in the 'Evaluation data' window. For example, if the data in the 'Evaluation data' window is in binary hex form, select 'Binary Hex' in the 'Data Format' drop-down list box.
Custom Data Parsing
This option allows you to interactively enter or copy and paste hex bytes that may make up a protocol packet. These hex bytes can be submitted to all the loaded protocols; the protocols will then parse your data and show useful information. The hex bytes can be submitted as either 'Transmit Bytes' or 'Receive Bytes'; the only difference is the direction of message flow. Usually you submit a request as 'Transmit' and a response as 'Receive'.
Press the LRC Options button to choose LRC options:
Press the CRC16 Options button to choose CRC16 options:
Data Watch Window
In the data watch window you can view the stream of evaluation data as different data types. The 'Evaluation Data' window must contain data in byte pairs; for example, if the data starts as 2 20 34 45 ..., you should format it so that it starts as 20 34 45 ... . In the same manner, you cannot have half a byte at the end of the data.
Next, select the appropriate 'Data Format' that corresponds to the data in the 'Evaluation data' window, select the data type from the 'Data Type' drop-down list, and click the 'Show' button.
Data is aligned according to the data type you specify and displayed in the 'Data Calculation' window.
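The checks and views described for the 'Evaluation data' window (the LRC and CRC16 calculation with its options buttons, and the data type views of the data watch window) can be reproduced outside the tool. The following is an added Python example, not SmartPA's code: it parses 'Binary Hex' evaluation data and enforces the whole-byte rule, computes the MODBUS ASCII LRC and the MODBUS RTU CRC16, verifies the trailer of a captured frame, and reinterprets the bytes as a chosen data type. The sample request frame is constructed; that the LRC and CRC16 options default to these MODBUS variants, and that 'aligned' means a trailing partial value is dropped, are my assumptions.

```python
import struct

# Data types offered by this illustrative data watch, mapped to struct codes.
TYPE_FORMATS = {
    "uint8": "B", "int8": "b", "uint16": "H", "int16": "h",
    "uint32": "I", "int32": "i", "float32": "f", "float64": "d",
}


def parse_hex_bytes(text):
    """Parse 'Binary Hex' evaluation data such as "01 03 00 00 00 0A" (spaces or commas
    between bytes; runs like "0103" are accepted too) into bytes. Every token must hold
    whole bytes: the stray leading "2" in "2 20 34 45" is rejected instead of being
    silently padded, matching the byte-pair rule of the data watch window."""
    out = bytearray()
    for tok in text.replace(",", " ").split():
        if len(tok) % 2:
            raise ValueError(f"{tok!r} is half a byte; evaluation data must be byte pairs")
        out.extend(bytes.fromhex(tok))
    return bytes(out)


def modbus_lrc(data):
    """MODBUS ASCII LRC: two's complement of the 8-bit sum of the bytes."""
    return (-sum(data)) & 0xFF


def crc16_modbus(data):
    """MODBUS RTU CRC-16 (reflected polynomial 0xA001, initial value 0xFFFF, no final
    XOR). Returned as an integer; on the wire the low byte is sent first."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def evaluate(text):
    """What the evaluation window would show for the data: both checksums, with the
    CRC also rendered in wire order for comparison against a captured RTU trailer."""
    data = parse_hex_bytes(text)
    crc = crc16_modbus(data)
    return {"lrc": modbus_lrc(data), "crc16": crc,
            "crc16_wire": struct.pack("<H", crc).hex(" ").upper()}


def check_rtu_frame(frame):
    """True if a captured MODBUS RTU frame ends with the correct CRC16. A mismatch
    indicates corruption in transit or a mis-framed capture and is worth flagging."""
    if len(frame) < 4:
        return False
    return struct.unpack("<H", frame[-2:])[0] == crc16_modbus(frame[:-2])


def check_ascii_frame(frame):
    """True if a MODBUS ASCII frame (':' + hex pairs + LRC, terminated by CR LF)
    carries the correct LRC for its payload."""
    if not (frame.startswith(":") and frame.endswith("\r\n")):
        return False
    raw = bytes.fromhex(frame[1:-2])
    return len(raw) >= 2 and modbus_lrc(raw[:-1]) == raw[-1]


def data_watch(data, dtype, big_endian=True):
    """Reinterpret the byte stream as a list of values of one data type. Values are
    aligned from the first byte; a trailing partial value is dropped (assumed to be
    what 'aligned according to the data type' means)."""
    order = ">" if big_endian else "<"
    code = TYPE_FORMATS[dtype]
    size = struct.calcsize(order + code)
    usable = len(data) - len(data) % size
    return list(struct.unpack(f"{order}{usable // size}{code}", data[:usable]))


# Constructed sample: a MODBUS read request (unit 1, function 3, 10 registers from 0).
EVAL_DATA = "01 03 00 00 00 0A"

if __name__ == "__main__":
    print(evaluate(EVAL_DATA))                       # LRC 0xF2, CRC16 0xCDC5, wire "C5 CD"
    print(check_rtu_frame(bytes.fromhex("01030000000AC5CD")))   # True
    print(check_ascii_frame(":01030000000AF2\r\n"))             # True
    print(data_watch(parse_hex_bytes("20 34 45 67 89"), "uint16"))  # [8244, 17767]
```

Selecting the wrong 'Data Format' in the tool corresponds here to feeding ASCII text rather than hex pairs into parse_hex_bytes, which fails loudly instead of producing a plausible but wrong checksum; the frame check functions are the same comparison the analyzer makes when it decides whether captured bytes form a valid protocol packet.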