Hi, I am a novice to Wireshark and I just had a question about the types of messages which involve 60870-104. I understand that two main types are broadcast: 104asdu, 104apci. One is from the RTUs to the control center and the other the other way around. What is the difference between the two and what significance does either have? I am sorry if the question is quite ordinary. Like I said, I am a novice.

Thanks,
Mehrdad

asked 17 Nov '15, 01:49 Mehrdad Kaze...
One Answer:
Is this explanation what you are looking for?

The APCI part of the APDU is used for control of the communication, the ASDU part carries the payload.

NB: "broadcast" has a specific meaning, "to send something to all reachable recipients simultaneously", which is probably not the case here. When talking about sending something to a single recipient, "unicast" is used when you need distinction from broadcast (and multicast), and plain "send" or "transmit" otherwise.

If your actual question was why some of the packets are described as "104apci" and some as "104asdu" in the packet list pane, it is because Wireshark always shows the highest level of protocol hierarchy which can be found in the frame. So APDUs which only contain APCI but no ASDU are described as 104apci, and APDUs where an ASDU is also present are described as 104asdu.

(Well, to be precise: "Wireshark always shows the highest level of protocol hierarchy which can be found in the frame and whose dissection is permitted in Wireshark configuration".)

answered 17 Nov '15, 04:10 sindy
edited 17 Nov '15, 12:38
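The APCI/ASDU distinction described in the answer above, as an added example that is not part of the original post and is not Wireshark's dissector code: a Python parser that splits a TCP payload into IEC 60870-5-104 APDUs and labels each one `104apci` or `104asdu`. The function name `parse_apdus` and the sample bytes are constructed for illustration; the frame layout (start octet 0x68, length octet, four control octets) is taken from the IEC 60870-5-104 standard rather than from this page.

```python
START = 0x68  # every IEC 60870-5-104 APDU begins with this start octet

# U-format (unnumbered control) functions, keyed by the first control octet
U_FUNCTIONS = {0x07: "STARTDT act", 0x0B: "STARTDT con",
               0x13: "STOPDT act", 0x23: "STOPDT con",
               0x43: "TESTFR act", 0x83: "TESTFR con"}


def parse_apdus(stream: bytes):
    """Split a payload into APDUs; label each '104apci' (APCI only)
    or '104asdu' (APCI followed by an ASDU)."""
    out, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 6:
            raise ValueError(f"truncated APCI at offset {pos}")
        start, length = stream[pos], stream[pos + 1]
        if start != START or not 4 <= length <= 253:
            raise ValueError(f"bad start/length octet at offset {pos}")
        end = pos + 2 + length  # length counts control field + ASDU
        if end > len(stream):
            raise ValueError(f"truncated APDU at offset {pos}")
        c1, c2, c3, c4 = stream[pos + 2:pos + 6]
        asdu = stream[pos + 6:end]
        recv_seq = (c3 >> 1) | (c4 << 7)
        if c1 & 0x01 == 0:  # I-format: numbered information transfer
            if len(asdu) < 2:
                raise ValueError(f"I-format without ASDU at offset {pos}")
            info = {"label": "104asdu", "format": "I",
                    "send_seq": (c1 >> 1) | (c2 << 7), "recv_seq": recv_seq,
                    "type_id": asdu[0], "num_objects": asdu[1] & 0x7F}
        elif asdu:  # S- and U-format frames never carry a payload
            raise ValueError(f"S/U-format with payload at offset {pos}")
        elif c1 & 0x03 == 0x01:  # S-format: acknowledges received I-frames
            info = {"label": "104apci", "format": "S", "recv_seq": recv_seq}
        else:  # U-format: start/stop data transfer, link test
            info = {"label": "104apci", "format": "U",
                    "function": U_FUNCTIONS.get(c1, "unknown")}
        out.append(info)
        pos = end
    return out


# Constructed sample: STARTDT act, STARTDT con, an I-frame carrying an
# interrogation command (type ID 100), then an S-frame acknowledging it.
SAMPLE = bytes.fromhex("680407000000" "68040b000000"
                       "680e0000000064010600010000000014" "680401000200")

if __name__ == "__main__":
    for apdu in parse_apdus(SAMPLE):
        print(apdu)
```

Only the I-format frame is labelled `104asdu`; the session-control and acknowledgement frames stop at the APCI, which is why they appear as `104apci` in the packet list.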