GitHub - DINA-community/icsnpp-iccp: Zeek plugin Telecontrol Application Service Element 2 (TASE.2)/Inter-control Center Communications Protocol (ICCP)

DINA-community / icsnpp-iccp Public

Notifications You must be signed in to change notification settings
Fork 0
Star 0

Zeek plugin Telecontrol Application Service Element 2 (TASE.2)/Inter-control Center Communications Protocol (ICCP)

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
docker		docker
src		src
.gitignore		.gitignore
CMakeLists.txt		CMakeLists.txt
COPYING		COPYING
README		README

Repository files navigation

# ICSNPP-ICCP

Industrial Control Systems Network Protocol Parsers (ICSNPP) - Inter-Control Center Communications Protocol (ICCP)

## Overview

This plugin provides a protocol analyzer for Inter-Control Center Communications Protocol (IEC 60870-6/TASE.2).
> Note: For now, only a quick start is provided to test the implementation easily. The intension is to get the TASE.2 structure before integrating the script into zeek.

## Quick start

`explore-mms` is a command-line tool for inspecting devices that provide an MMS server (IEC 61850, EN 61850-8-1). The program connects to a specified MMS server and outputs information about the server identity, supported features, domains, and domain variables in JSON format.

### Building and Compilation

**Requirements:**

- [CMake](https://cmake.org/)
- [libiec61850](https://libiec61850.com) (tested with version 1.5.1)
- A C Compiler (e.g., gcc)

**Build steps:**

```sh
mkdir build
cd build
cmake ..
make
```

The resulting binary `explore-mms` will be located in the build folder.

### Dependencies

To build and run, you need:

- **libiec61850** (tested with version **1.5.1**), including its headers and static library (`libiec61850.a`)
- Standard C library

`explore-mms` is linked **statically** against `libiec61850` and other system libraries where possible. There are no runtime dependencies.

### Installation & Deployment

Since the binary is **statically linked**, it can be used on almost any recent Linux system (x86-64) without requiring the `libiec61850` library to be installed on the system.

Just copy the generated `explore-mms` binary anywhere and execute it directly.

**Example:**

```sh
./explore-mms --help
```

#### Usage and Parameters

The program can be started with the following parameters:

```sh
explore-mms [--password PASSWORD] [hostname [port]]
```

#### Options

`--help`:
: Displays the help screen.

`--password PASSWORD`:
: Uses ACSE password authentication during connection setup.

#### Arguments

`hostname`:
: Hostname or IP address of the MMS server. (Default: `localhost`)

`port`:
: MMS server's TCP port. (Default: `102`)

#### Examples

- Default call (no authentication, local): `explore-mms`
- With password authentication and explicit IP: `explore-mms --password secret 192.168.1.1`
- With all parameters: `explore-mms --password secret 192.168.1.1 102`

### Notes

- All program results (except error messages) are written as JSON to `stdout`.
- Errors and exceptions are output in human-readable form to `stderr` and cause program termination.
- The exit code is non-zero on any error.

## License

The software was developed on behalf of the BSI (Federal Office for Information Security)

Copyright (c) 2025 by DINA-Community BSD 3-Clause. [See License](/COPYING)