
IEC 60870-5-104 and IEC 61850 Protocol Analysis With Wireshark

Uploaded by

Akash

IEC 60870-5-104 and IEC 61850 Protocol Analysis with Wireshark https://www.packetsafari.com/blog/2022/08/03/iec104-61850-analysis


Info · Aug 3, 2022

IEC 60870-5-104 and IEC 61850 Protocol Analysis with Wireshark
Oliver Ripka


Introduction to IEC 60870-5-104 and IEC 61850 Protocols

The power industry relies on robust communication protocols to ensure the safe and
efficient operation of electrical substations. Two widely adopted protocols are IEC
60870-5-104 (IEC 104) and IEC 61850. IEC 104 is a standard telecontrol protocol used for
remote control and monitoring of substations, while IEC 61850 is a comprehensive
standard for substation automation, covering various aspects such as data modeling,
communication services, and system configuration.

As a packet analysis expert, understanding these protocols is crucial when
troubleshooting network issues and optimizing communication within a substation. In
this article, we will explore the process of analyzing IEC 104 and IEC 61850 traffic using
Wireshark, including real-world examples and expert tips.

Analyzing IEC 60870-5-104 Traffic with Wireshark

Wireshark provides built-in support for decoding and analyzing IEC 104 traffic. To
capture IEC 104 traffic on your network, use the following capture filter:


tcp port 2404

Once you have captured some IEC 104 traffic, apply the following display filter to focus
on relevant packets:

iec60870_104

In the packet details pane, you can inspect the IEC 104 protocol structure, including the
Application Protocol Data Unit (APDU) and its various fields such as Type Identification,
Cause of Transmission, and Information Objects. By analyzing these fields, you can
identify the type of command or information being exchanged and pinpoint potential
issues in the communication.
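
The APDU layout described above, as an added example that is not part of the original article: a minimal Python decoder that splits a TCP payload into APDUs and reads the APCI frame type plus the ASDU header (Type Identification, Cause of Transmission, common address). It assumes the standard IEC 104 field sizes (2-octet Cause of Transmission, 2-octet common address); the function name `parse_apdus` and the sample bytes are constructed for illustration.

```python
import struct

# U-format control functions, keyed by the first control octet.
U_FUNCTIONS = {0x07: "STARTDT act", 0x0B: "STARTDT con", 0x13: "STOPDT act",
               0x23: "STOPDT con", 0x43: "TESTFR act", 0x83: "TESTFR con"}

def parse_apdus(payload: bytes) -> list:
    """Split one TCP payload into APDUs; decode the APCI and the ASDU header."""
    frames, pos = [], 0
    while pos < len(payload):
        if payload[pos] != 0x68:
            raise ValueError(f"bad start byte at offset {pos}")
        if pos + 2 > len(payload):
            raise ValueError(f"truncated APDU at offset {pos}")
        length = payload[pos + 1]              # counts control fields + ASDU
        apdu = payload[pos + 2:pos + 2 + length]
        if length < 4 or len(apdu) < length:
            raise ValueError(f"truncated APDU at offset {pos}")
        cf1, cf2, cf3, cf4 = apdu[:4]
        if cf1 & 0x01 == 0:                    # I-format: carries an ASDU
            if length < 10:
                raise ValueError(f"I-frame without ASDU header at offset {pos}")
            type_id, vsq, cot, orig, ca = struct.unpack_from("<BBBBH", apdu, 4)
            frame = {"format": "I",
                     "ns": (cf1 | cf2 << 8) >> 1, "nr": (cf3 | cf4 << 8) >> 1,
                     "type_id": type_id, "objects": vsq & 0x7F, "sq": bool(vsq & 0x80),
                     "cause": cot & 0x3F, "negative": bool(cot & 0x40),
                     "test": bool(cot & 0x80), "originator": orig, "common_addr": ca,
                     # TypeIDs 45-69 and 100-119 are control-direction ASDUs
                     "control": 45 <= type_id <= 69 or 100 <= type_id <= 119}
        elif cf1 & 0x03 == 0x01:               # S-format: acknowledgement only
            frame = {"format": "S", "nr": (cf3 | cf4 << 8) >> 1}
        else:                                  # U-format: link control
            frame = {"format": "U", "function": U_FUNCTIONS.get(cf1, "unknown")}
        frames.append(frame)
        pos += 2 + length
    return frames

# Constructed sample: STARTDT act, single command (TypeID 45, COT 6), S-frame.
SAMPLE = bytes.fromhex("680407000000"
                       "680e000000002d010600010001000001"
                       "680401000200")

if __name__ == "__main__":
    for f in parse_apdus(SAMPLE):
        print(f)
```

The `control` flag marks ASDUs sent in the control direction, which is a quick way to separate commands from monitoring data when reviewing a capture.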

Analyzing IEC 61850 Traffic with Wireshark

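Wireshark also supports IEC 61850 protocol analysis, including Manufacturing Message
Specification (MMS), Generic Object-Oriented Substation Events (GOOSE) and Sampled
Values (SV) traffic. MMS runs over TCP port 102, while GOOSE and SV are carried directly
in Ethernet frames with EtherTypes 0x88b8 and 0x88ba. GOOSE and SV frames that carry an
802.1Q VLAN tag are not matched by a plain EtherType test and need a vlan term in the
filter as well. To capture IEC 61850 traffic, use the following capture filter:

tcp port 102 or ether proto 0x88b8 or ether proto 0x88ba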

For MMS traffic, apply this display filter:

mms

For GOOSE and Sampled Values (SV) traffic, use this display filter:

sv or goose

The packet details pane will show the IEC 61850 message structure, including the MMS
or GOOSE header, and the data payload. You can explore various fields like Logical
Nodes, Data Attributes, and Quality Flags to understand the exchanged information and
identify potential communication issues or misconfigurations.

Expert Tips for IEC Protocol Analysis

1. Familiarize yourself with the IEC 104 and IEC 61850 protocol specifications to better
understand the message structure and identify potential issues.

2. Use Wireshark's Statistics menu to analyze protocol-specific statistics, such as IEC
104 Type Identification distribution or IEC 61850 message types.

3. Create custom Wireshark profiles for IEC protocol analysis, including custom
columns, colorization rules, and display filters.

By understanding IEC 104 and IEC 61850 protocol analysis with Wireshark, you can
significantly improve your ability to troubleshoot and optimize substation networks. To
further enhance your packet analysis skills, consider enrolling in our WIRED for Packet
Analysis training course (https://oripka.de/en/wired/) and exploring the advanced
features of our PacketSafari PCAP analyzer (https://app.packetsafari.com).
