Skip to main content

Table 5 Extracted field values from layer 4

From: Comparison of approaches for intrusion detection in substations using the IEC 60870-5-104 protocol

Field Description OSI Layer
tcp_srcport TCP Source Port is the port number used by the client sending the TCP segment. It is usually a number below 1024. IEC 60870-5-104 messages are sent over Port 2404.  
tcp_dstport TCP Destination Port is the port number used by the client receiving the TCP packet. It is usually a number below 1024. The IEC 60870-5-104 default port is set to 2404. L4
tcp_len Total length of the TCP Segment, includes header and data.  
tcp_hdr_len SLength of the TCP header can range from 20 bytes to 60 byte.  
tcp_window _size_value The TCP window size, is an indication of how much bytes the receiving device is willing to receive at any point in time. In situations when the receiver is overwhelmed, it will advertise a zero window size.  
tcp_pdu_size Equals tcp-len, but the value can only be dissected when it is a IEC 60870-5-104 packet.