Table 4 Extracted field values from Layers 1 - 3
From: Comparison of approaches for intrusion detection in substations using the IEC 60870-5-104 protocol
Field | Description | OSI Layer |
|---|---|---|
frame_len | Represents the Ethernet frame length. Minimum size is 64 byte | L1 |
vlan_id | The VLAN ID field marks which VLAN the frame belongs to. | L2 |
ip_len | Total Length of the IP packet that includes the IP header and the user data. | |
ip_flags_df | The Don’t Fragment flag bit signals that fragmentation of this packet is not permitted. | |
ip_ttl | Time-to-live tells a network router the time after which a packet should be discarded. Can be set to any value between 1 and 255. |