Field Wiki
IEC-104 session control
IEC-104 is more than an open TCP connection. The application session must be started, supervised, acknowledged, and tested.
What it means
STARTDT, STOPDT, TESTFR, I/S/U frames
In IEC-104, TCP reachability only proves the socket is open. Data transfer starts after STARTDT, ASDU data is carried in I-frames, acknowledgements are visible in S-frames, and U-frames control or test the session.
STARTDT: Starts application data transfer after TCP connection is established.
STOPDT: Stops application data transfer without necessarily closing TCP immediately.
TESTFR: Supervises the session when no useful data is flowing.
I/S/U frames: I-frames carry ASDUs, S-frames acknowledge, U-frames control the session.
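The session rules above, as an added Python example (not code from the original page or from ARIEC60870): it classifies APDUs as I, S or U frames and audits a capture for I-frames sent before STARTDT con and for I-frames that are never acknowledged. The names `parse_apdu`, `audit_session`, `GI` and `SAMPLE` are hypothetical, and the sample capture is constructed, assuming the standard 104 field sizes (2-byte COT, 2-byte common address, 3-byte IOA).

```python
import struct

# U-frame functions keyed by the first control octet (IEC 60870-5-104 APCI)
U_FUNCS = {0x07: "STARTDT act", 0x0B: "STARTDT con", 0x13: "STOPDT act",
           0x23: "STOPDT con", 0x43: "TESTFR act", 0x83: "TESTFR con"}

def parse_apdu(raw: bytes) -> dict:
    """Classify one APDU as I, S or U and decode its sequence numbers."""
    if len(raw) < 6 or raw[0] != 0x68:
        raise ValueError("APDU must start with 0x68 and carry 4 control octets")
    if raw[1] != len(raw) - 2:
        raise ValueError(f"length octet says {raw[1]}, {len(raw) - 2} bytes follow")
    c12, c34 = struct.unpack_from("<HH", raw, 2)
    if c12 & 0x01 == 0:                      # bit 0 clear: I-frame, ASDU follows
        if len(raw) < 7:
            raise ValueError("I-frame without ASDU")
        return {"kind": "I", "ns": c12 >> 1, "nr": c34 >> 1, "type_id": raw[6]}
    if c12 & 0x03 == 0x01:                   # bits 1..0 = 01: S-frame
        return {"kind": "S", "nr": c34 >> 1}
    return {"kind": "U", "func": U_FUNCS.get(raw[2], "unknown")}

def audit_session(trace):
    """Return findings for a list of (direction, APDU bytes) in capture order."""
    started, findings = False, []
    # N(R) the peer must reach to acknowledge this side's I-frames (0 = none pending).
    # Assumes N(S) does not wrap past 32767 within the capture.
    unacked = {"TX": 0, "RX": 0}
    for i, (direction, raw) in enumerate(trace):
        frame, peer = parse_apdu(raw), "RX" if direction == "TX" else "TX"
        if frame["kind"] == "U":
            started = {"STARTDT con": True, "STOPDT con": False}.get(frame["func"], started)
            continue
        if frame["kind"] == "I":
            if not started:
                findings.append(f"frame {i}: I-frame before STARTDT con")
            unacked[direction] = frame["ns"] + 1
        if frame["nr"] >= unacked[peer]:     # N(R) covers everything the peer sent
            unacked[peer] = 0
    findings += [f"{d}: I-frames up to N(S)={n - 1} never acknowledged"
                 for d, n in unacked.items() if n]
    return findings

# Constructed sample capture: STARTDT act/con, General Interrogation, S-frame ack
GI = bytes.fromhex("68 0E 00 00 00 00 64 01 06 00 01 00 00 00 00 14")
SAMPLE = [("TX", bytes.fromhex("68 04 07 00 00 00")), ("RX", bytes.fromhex("68 04 0B 00 00 00")),
          ("TX", GI), ("RX", bytes.fromhex("68 04 01 00 02 00"))]

if __name__ == "__main__":
    print(audit_session(SAMPLE) or "session control consistent")
```
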
What to check in ARIEC60870
Use the software to connect session control to visible frame evidence.
TX  68 04 07 00 00 00  STARTDT act: request data transfer start
RX  68 04 0B 00 00 00  STARTDT con: device accepted data transfer
TX  68 0E 00 00 00 00 64 01 06 00 01 00 00 00 14  I-frame ASDU: General Interrogation activation, CA=1
RX  68 04 01 00 02 00  S-frame: acknowledgement for received I-frame sequence
TX  68 04 43 00 00 00  TESTFR act: session supervision test
RX  68 04 83 00 00 00  TESTFR con: supervision response
Read next
Keep following the evidence.
Protocol learning is easier when every concept is connected to a visible frame, counter, address, value, event, or report finding.