From: Comparison of approaches for intrusion detection in substations using the IEC 60870-5-104 protocol
Field | Description | OSI Layer |
---|---|---|
tcp_srcport | TCP Source Port is the port number used by the client sending the TCP segment. It is usually a number below 1024. IEC 60870-5-104 messages are sent over Port 2404. | |
tcp_dstport | TCP Destination Port is the port number used by the client receiving the TCP packet. It is usually a number below 1024. The IEC 60870-5-104 default port is set to 2404. | L4 |
tcp_len | Total length of the TCP Segment, includes header and data. | |
tcp_hdr_len | SLength of the TCP header can range from 20 bytes to 60 byte. | |
tcp_window _size_value | The TCP window size, is an indication of how much bytes the receiving device is willing to receive at any point in time. In situations when the receiver is overwhelmed, it will advertise a zero window size. | |
tcp_pdu_size | Equals tcp-len, but the value can only be dissected when it is a IEC 60870-5-104 packet. |