Wiresharking IEC

From Phobos Wiki
Revision as of 12:41, 4 March 2015 by Alfred (talk | contribs) (Uus lehekülg: 'Some basic filters for analysing wireshark logs in case of IEC protocols ==IEC60870-5-104== Filter information object address 401 <pre> 104asdu.ioa == 401 </pre> Dispaly packages...')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Some basic filters for analysing wireshark logs in case of IEC protocols

IEC60870-5-104

Filter information object address 401

 104asdu.ioa == 401 

Dispaly packages with TCP length>0 (no ack messages)

tcp.len>0


Inrogen: GI Spont: Spontaneous event IOA: Information Object Address Act: activation message (select/execute) ActCon: activation confirmation ActTerm: activation termination