IEC 60870-5-104 Explorer (often referred to simply as an IEC 104 Explorer or simulator) is a specialized diagnostic software tool used by power utility engineers to simulate, test, and troubleshoot the IEC 60870-5-104 network communication protocol between SCADA master stations and substation Remote Terminal Units (RTUs) or Intelligent Electronic Devices (IEDs).
The IEC 104 protocol runs over standard TCP/IP networks on Port 2404 and is the backbone of modern power distribution grids, but it is highly sensitive to network timing and parameter mismatches. An Explorer tool acts as either a “Controlling Station” (Master/Client) or a “Controlled Station” (Slave/Server) to isolate faults, sniff traffic, and verify data flows without disrupting live operations.
Core Functions of an IEC 104 Explorer
An Explorer tool helps bridge the gap between network packet sniffers (like Wireshark) and actual SCADA HMI software by translating raw telecontrol bytes into actionable operational engineering views.
Master/Slave Emulation: It can mimic a SCADA control center to pull data from a newly installed physical RTU, or mimic an RTU to verify that a SCADA host properly receives power grid signals.
ASDU Decoding: It breaks down complex Application Service Data Units (ASDUs) into human-readable data types. Instead of hexadecimal strings, engineers instantly see telemetry, such as single-point binary indications (breaker positions), double-point commands, or measured analog values.
APDU Frame Analysis: It categorizes traffic into three essential protocol frame formats: I-Frames (Information/Data payloads), S-Frames (Supervisory control for numbered acknowledgments), and U-Frames (Unnumbered control functions for activating/testing connections).
Common Substation Troubleshooting Scenarios
Most issues encountered during substation automation commissioning are not flaws within the protocol itself; rather, they are device configuration mistakes. Using an Explorer, engineers can quickly isolate several common real-world failures:
1. TCP Connection is Up, but No Data Flows
The Issue: The network team confirms a steady TCP connection on Port 2404, but the SCADA system displays zero live telemetry.
The Cause: The handshake process is stuck. IEC 104 requires a specific U-Frame exchange to start communication. If the Master sends a STARTDT (Start Data Transfer) request and the Slave never responds with a STARTDT CON (Confirmation), the communication channel remains functionally frozen.
Explorer Fix: Use the tool to send explicit, isolated STARTDT commands to see if the RTU drops the packet or lacks the internal logic to confirm it.
2. The “Stale Data” Trap After Reconnections
The Issue: A network link drops for 2 minutes and recovers. The system status page shows “Connected,” but the breaker states and power values are stale or frozen.
The Cause: Missing a General Interrogation (GI) sequence. When an IEC 104 link recovers, the Master must issue a GI command to force the substation RTU to send a complete snapshot of all current field values. Without it, the SCADA system only receives updates for values that change after the link came back up.
Explorer Fix: Send a manual Interrogation Command (ASDU Type 100) through the software to verify that the outstation correctly bundles and triggers its entire database payload.
3. Data Missing Due to IOA Mismatches
The Issue: A physical test button is pressed in the substation, but nothing updates on the SCADA screen.
The Cause: Information Object Address (IOA) mismatch. Every single status point, command, and sensor parameter has a unique numerical IOA. If the RTU firmware assigns a circuit breaker to IOA 1005, but the SCADA engineer configured it to look at IOA 1050, the data disappears into a void.
Explorer Fix: Run the Explorer as a passive monitor. Observe the precise incoming IOA numbers in the live data stream when physical grid assets toggle, then compare them directly against the SCADA engineering database.
4. Constant Reconnections on Cellular or Long-Distance WANs
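The frame classification and the checks from scenarios 1 to 3 above, as an added example that is not part of the original page or of any Explorer product: a small Python parser that splits a captured byte stream into I-, S- and U-frames and reports an unconfirmed STARTDT, whether an interrogation command was sent, and which IOAs arrived. The capture is constructed, and the names parse_apdus, diagnose and CAPTURE and the field sizes (2-octet cause of transmission, 2-octet common address, 3-octet IOA) are assumptions.

```python
# U-format function codes carried in the first control octet of the APCI
U_FUNCS = {0x07: "STARTDT act", 0x0B: "STARTDT con", 0x13: "STOPDT act",
           0x23: "STOPDT con", 0x43: "TESTFR act", 0x83: "TESTFR con"}

def parse_apdus(stream: bytes):
    """Split a TCP payload into APDUs; decode the APCI and the ASDU header."""
    frames, pos = [], 0
    while pos < len(stream):
        if stream[pos] != 0x68 or pos + 6 > len(stream):
            raise ValueError(f"bad or truncated APCI at offset {pos}")
        length = stream[pos + 1]              # control field + ASDU octets
        end = pos + 2 + length
        if length < 4 or end > len(stream):
            raise ValueError(f"bad APDU length at offset {pos}")
        cf, asdu = stream[pos + 2:pos + 6], stream[pos + 6:end]
        nr = (cf[2] >> 1) | (cf[3] << 7)      # receive sequence number
        if (cf[0] & 0x01) == 0:               # I-format: numbered data
            f = {"fmt": "I", "ns": (cf[0] >> 1) | (cf[1] << 7), "nr": nr}
            if len(asdu) >= 9:
                # Assumed field sizes: COT 2, common address 2, IOA 3 octets
                f["type"], f["cot"] = asdu[0], asdu[2] & 0x3F
                f["ca"] = int.from_bytes(asdu[4:6], "little")
                f["ioa"] = int.from_bytes(asdu[6:9], "little")  # first object
        elif (cf[0] & 0x03) == 0x01:          # S-format: acknowledgment
            f = {"fmt": "S", "nr": nr}
        else:                                 # U-format: link control
            f = {"fmt": "U", "func": U_FUNCS.get(cf[0], f"unknown 0x{cf[0]:02x}")}
        frames.append(f)
        pos = end
    return frames

def diagnose(frames):
    """Checks for scenarios 1 and 2, plus the IOAs seen for scenario 3."""
    funcs = [f["func"] for f in frames if f["fmt"] == "U"]
    data = [f for f in frames if f["fmt"] == "I" and "type" in f]
    return {
        "startdt_unconfirmed": "STARTDT act" in funcs and "STARTDT con" not in funcs,
        "gi_requested": any(f["type"] == 100 and f["cot"] == 6 for f in data),
        # Type IDs below 45 are process information in the monitor direction
        "monitor_ioas": sorted({f["ioa"] for f in data if f["type"] < 45}),
    }

# Constructed capture, both directions merged: STARTDT act/con, GI, one point
CAPTURE = bytes.fromhex("68 04 07 00 00 00 68 04 0b 00 00 00 "
    "68 0e 00 00 00 00 64 01 06 00 01 00 00 00 00 14 "   # type 100, COT 6
    "68 0e 00 00 02 00 01 01 03 00 01 00 ed 03 00 01")   # type 1, IOA 1005

if __name__ == "__main__":
    print(diagnose(parse_apdus(CAPTURE)))
```

The IOA list it returns is what would be compared against the SCADA engineering database; only the first information object of each ASDU is read.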