ANSI C12.22 (c1222)
ANSI C12.22 is an application layer protocol designed for use on electric utility meter networks. Its official title is Protocol Specification for Interfacing to Data Communication Networks but this title is somewhat more generic than the protocol. The protocol is used to transport ANSI C12.19 tables which are metering specific data structures.
The first two protocols in this series were ANSI C12.18 and ANSI C12.19 which are, respectively, an infrared close range point-to-point communications protocol and standardized data structures for electric utility meters (watthour meters). Virtually all electronic utility watthour meters produced for the North American market implement these standards. ANSI C12.18 was first published in 1996 and revised in 2006. ANSI C12.19 was originally published in 1997.
ANSI C12.21 was an adaptation of the simple C12.18 optical protocol and was intended for use over dial-up modems. It was first published in 1999 and revised in 2006.
ANSI C12.22 was first published in 2008. It retains the same read table/write table application layer services and encoding as C12.18 and C12.21, but uses an ASN.1 wrapper and adds encryption capabilities.
The C12.22 dissector has been included in the main code since version 1.8. The dissector implements all three C12.22 security modes (none, Authentication only and Ciphertext with Authentication) and TCP packet reassembly.
The following preference settings are associated with the C12.22 dissector:
- Desegment all C12.22 messages spanning multiple TCP segments
- Verify crypto for all applicable C12.22 messages
- Decryption table
The decryption table is a list of cryptographic keys used with a specific instance of the C12.22 protocol. The table search mechanism is very simple: the dissector searches linearly from the top of the table to the bottom until it finds a matching key ID. This means that the table may contain multiple entries for a particular key ID. That is, one might have multiple different keys all labelled as key 0 within the table but the dissector will only use the first one listed. This is done as a convenience so that different captures can be analyzed simply by moving the relevant key(s) up to the top of the list. As per the protocol specification the key ID is a single byte and the keys are each sixteen bytes long. Both are specified in hexadecimal notation in this dissector.
Example capture file
SampleCaptures/c1222overIPv4.cap.gz C12.22 read of Standard Table 1 with response. This communication was using Ciphertext with Authentication mode with key 0 = 6624C7E23034E4036FE5CB3A8B5DAB44
SampleCaptures/c1222_over_ipv6.pcap C12.22 read of Standard Tables 1 and 2 with response. This communication was using Ciphertext with Authentication mode with key 0 = 000102030405060708090A0B0C0D0E0F
A complete list of C12.22 display filter fields can be found in the display filter reference
- Show only the C12.22 based traffic:
You cannot directly filter C12.22 protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.
- Capture only the C12.22 traffic over the default port (1153):
tcp port c1222-acse
NEMA press release NEMA Publishes ANSI C12.22 Protocol Specification for Interfacing to Data Communication Networks - describes what the protocol is and where to get a copy
An Overview of ANSI C12.22 trade magazine article gives an overview of the protocol