The PLC Sniffer creates a relational database using SQLite to store the G3-PLC logs. Using this type of database to store the information helps to handle logs from complex networks and to inspect the data in very flexible ways. Third party tools to handle SQLite databases can also be used. A useful tool for SQLite database inspection is the SQLite Manager plug-in for Firefox browser.
- LogInfo: contains information about the database
- Frame: each row of this table represents a PLC message on the power line. This table contains the information displayed on the Capture and Log windows. Includes the raw data of the received PDU and some parameters from the PHY Layer provided by the hardware. Also includes a timestamp value
- Beacon: disassembled information of the Beacon PDU as defined in G3-PLC standard
- Data: data PDU as defined in G3-PLC standard. The data payload may contain a message from the adaptation sublayer. If possible, it will be disassembled and the proper information will be inserted in MeshHeader, BroadcastHeader, FragmentationHeader, LBP_Header, LBP_EAP and LBP_ConfParam tables
- ToneMapResponse: disassembled information of the Tone Map Response PDU as defined in G3-PLC standard
- DecryptedData: When data payload is encrypted and the key is known, the decrypted data will be stored in this table. The key will only be known if the capture starts before the bootstrapping
- MeshHeader: disassembled Mesh Header encapsulated in Data PDU as defined in G3-PLC standard
- BroadcastHeader: disassembled broadcast header encapsulated in Data PDU as defined in G3-PLC standard
- FragmentationHeader: disassembled fragmentation header encapsulated in Data PDU as defined in G3-PLC standard
- LBP_Header: disassembled LoWPAN bootstrapping protocol header encapsulated in Data PDU as defined in G3-PLC standard
- LBP_EAP: disassembled EAP message encapsulated in Data PDU as defined in G3-PLC standard
- LBP_ConfParam: disassembled configuration parameter message encapsulated in Data PDU as defined in G3-PLC standard
- RREQ: disassembled Route Request (message type of LOADng routing protocol) message encapsulated in Data PDU as defined in G3-PLC standard
- RREP: disassembled Route Reply (message type of LOADng routing protocol) message encapsulated in Data PDU as defined in G3-PLC standard
- RERR: disassembled Route Error (message type of LOADng routing protocol) message encapsulated in Data PDU as defined in G3-PLC standard
- PREQ: disassembled Path Request (message type of LOADng routing protocol) message encapsulated in Data PDU as defined in G3-PLC standard
- PREP: disassembled Path Reply (message type of LOADng routing protocol) message encapsulated in Data PDU as defined in G3-PLC standard
- RLCREQ: disassembled Route Link Cost Request (message type of LOADng routing protocol) message encapsulated in Data PDU as defined in G3-PLC standard
- RLCREP: disassembled Route Link Cost Reply (message type of LOADng routing protocol) message encapsulated in Data PDU as defined in G3-PLC standard
- LOADng_ForwardPaths: Forward paths associated to a PREQ message
- LOADng_ReversePaths: Reverse paths associated to a PREQ message
- Node: table containing the current status of all the nodes detected on the network
- Event: table containing the status events that define the node table. This table allows to reproduce the status of a node at any time of the log
- G3KH: G3-PLC Key hierarchy, table containing all the keys knows by the sniffer. If the PSK key is supplied, the sniffer will know all key hierarchy and when a bootstrap sequence is completed, the sniffer will learn the GMK key
All tables are linked through a common “idFrame” index. This unique index is assigned when a new frame is inserted on the database. This allows building complex search queries with SQL. Figure 1 and Figure 2 show the tables and relations of a G3-PLC log database. Table fields are encoded as specified in the PRIME standard except CmdType Identifier. This field is specified in the next section.
