Application Examples
R&S®GP-E/GP-S User Manual v16.2.1 ─ 01
If multiple IEC 104 protocol decoders are defined for a single firewall rule, these
decoders are linked with AND logic. IEC 104 protocol decoders of different firewall rules for
the same network connection are OR-connected.
For the Wireshark output in the example above, you could configure the following IEC
104 protocol decoders:
Table 4-8: Sample decoder settings for the IEC 104 protocol based on the sample Wireshark output.
Wireshark output          "Option"                         "Type"    "Operator"    "Expression"
                          asduMessageDirection             number    ==(equal)     0 or 1
TypeID: M_ME_NB_1 (11)    asduMessageType                  number    ==(equal)     11
CauseTX: Spont (3)        asduTransmissionCause            number    ==(equal)     3
Negative: False           asduTransmissionCauseNegative    number    ==(equal)     0
Test: False               asduTransmissionCauseTest        number    ==(equal)     0
OA: 0                     asduOriginatorAddress            number    ==(equal)     0
Addr: 19377               asduAddress                      number    ==(equal)     19377
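The following added example (not part of the manual and not the firewall's own code) shows how the ASDU header octets of an IEC 104 I-format frame map to the decoder options in Table 4-8, and how AND within a rule and OR across rules combine. The tuple layout, the function names and the sample frame are assumptions made for illustration; asduMessageDirection is left out because the page does not say how it is derived.

```python
import operator
import struct

# Only the "==" operator appears on the page, so only it is modelled here.
OPS = {"==": operator.eq}

def parse_asdu_fields(apdu: bytes):
    """Map one I-format APDU to the decoder options of Table 4-8 (None if unreadable)."""
    if len(apdu) < 12 or apdu[0] != 0x68 or apdu[1] != len(apdu) - 2:
        return None  # wrong start byte, bad length octet, or no room for an ASDU header
    if apdu[2] & 0x01:
        return None  # S- or U-format frame: carries no ASDU
    type_id, _vsq, cot, oa, addr = struct.unpack_from("<BBBBH", apdu, 6)
    return {
        "asduMessageType": type_id,
        "asduTransmissionCause": cot & 0x3F,             # low six bits of the cause octet
        "asduTransmissionCauseNegative": (cot >> 6) & 1,  # P/N bit
        "asduTransmissionCauseTest": (cot >> 7) & 1,      # T bit
        "asduOriginatorAddress": oa,
        "asduAddress": addr,                              # two octets, little-endian
    }

def rule_matches(decoders, fields):
    """Decoders of a single firewall rule are linked with AND."""
    return all(opt in fields and OPS[op](fields[opt], expr)
               for opt, op, expr in decoders)

def connection_matches(rules, fields):
    """Rules for the same network connection are OR-connected."""
    return fields is not None and any(rule_matches(r, fields) for r in rules)

# Decoder settings from Table 4-8 as (option, operator, expression) tuples (assumed layout).
TABLE_4_8 = [
    ("asduMessageType", "==", 11),
    ("asduTransmissionCause", "==", 3),
    ("asduTransmissionCauseNegative", "==", 0),
    ("asduTransmissionCauseTest", "==", 0),
    ("asduOriginatorAddress", "==", 0),
    ("asduAddress", "==", 19377),
]

# Constructed sample frame: M_ME_NB_1 (11), Spont (3), OA 0, Addr 19377, one object.
SAMPLE = bytes.fromhex("68 10 00 00 00 00 0b 01 03 00 b1 4b 01 00 00 64 00 00")

if __name__ == "__main__":
    print(rule_matches(TABLE_4_8, parse_asdu_fields(SAMPLE)))
```
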
Validating the IEC 104 Protocol
An IEC 104 protocol decoder can be used to check whether the IEC 104 protocol is
valid or not.
Create a decoder with the following settings to check whether the IEC 104 protocol is
valid. By selecting Reject as the "Policy" in the firewall rule, you can configure the
firewall to reject an invalid protocol before it reaches the remote.
Table 4-9: Sample decoder settings to check the validity of the IEC 104 protocol.
Field         Setting
"Protocol"    iec104
"Option"      invalid
Decoder Examples