there anyone that tried to configure software service with DCRUM to monitor TCP
protocol SCADA E104 (Tcp port 2404)?
trying to configure this protocol on our AMD with the analyzer “Generic with
transaction” but seems not to work correctly.
someone have info about how correctly configure the service would
Generic with transactions should give you the basic TCP session information if the protocol is a transaction based (request/response) type protocol. Could you provide a screenshot of the stats thus far?
Also, if it is for back-end traffic you may not be seeing the TCP 3-way handshake straight away and therefore won't be able to calculate any operation times.
There will be a setting in the software service for 'persistent sessions'. Try selecting that option and see if the monitoring improves.
I work with Roberto, in the attached file (export-scada-e104.pcap) you can find a pcap dump of some traffic on SCADA protocol. Effectively it doesn't seem to use a 3 way handshake. We tried to enable the persistent session for this service but my impression is that not all data are correctly collected.
Can you check your AMD stats and make sure your feed is giving you everything you expect?
Beyond that, if the protocol in question has a request/response communication, you could look into using the universal decode to give you specific transactions and their operation time.