Gennaro Geca89

## 104.txt
# Section 4: IEC 60870-5-104 - Filtri, Estrazioni, Diagnostica

# - IEC-104 su TCP/2404. Wireshark: "iec104" come dissector.
tcp.port == 2404
iec104
iec104 && ip.addr == 10.10.10.5
# iec104.cot, iec104.typeid, iec104.asduaddr, iec104.ioa, iec104.startdt, iec104.stopdt
tshark -r input.pcapng -Y "iec104" \
-e iec104.cot -e iec104.typeid -e iec104.asduaddr -e iec104.ioa > iec104.csv
# 1) STARTDT/STOPDT   filtra su U-frames: iec104.startdt || iec104.stopdt
	# Section 4: IEC 60870-5-104 - Filtri, Estrazioni, Diagnostica

	# - IEC-104 su TCP/2404. Wireshark: "iec104" come dissector.
	tcp.port == 2404
	iec104
	iec104 && ip.addr == 10.10.10.5
	# iec104.cot, iec104.typeid, iec104.asduaddr, iec104.ioa, iec104.startdt, iec104.stopdt
	tshark -r input.pcapng -Y "iec104" \
	-e iec104.cot -e iec104.typeid -e iec104.asduaddr -e iec104.ioa > iec104.csv
	# 1) STARTDT/STOPDT filtra su U-frames: iec104.startdt \|\| iec104.stopdt