Modbus Parity and Character Format

On a Modbus serial line, every byte you send is wrapped in a few extra bits before it hits the wire. Those extra bits — the start bit, an optional parity bit, and one or two stop bits — make up the character format. Get them wrong on one device and it won’t talk to the rest of… Read More »

Zakaria El Intissar

ICCP Device Control: SBO Select and Operate Explained

Device control is where ICCP stops being a data feed and becomes an operational tool — and a liability if misunderstood. Conformance block 5 lets one control center trip breakers, raise taps, and write setpoints in another organization’s network. The protocol wraps that power in the select-before-operate pattern every operations engineer knows from local SCADA, adapted for the… Read More »

Zakaria El Intissar

ICCP Security: Hardening TASE.2 Links With IEC 62351

An ICCP link is a standing, months-long connection between two organizations, carrying real-time grid data and — where block 5 is enabled — live control of primary equipment. It crosses an organizational boundary by definition: the other end is somebody else’s network, somebody else’s patching discipline, somebody else’s incident. That makes it one of the most security-relevant connections… Read More »

Zakaria El Intissar

ICCP Transfer Sets: How TASE.2 Reporting Really Works

A transfer set is the engine of an ICCP link. Data values are what you exchange; data sets group them; but the transfer set decides everything about the actual flow — when reports are sent, what they contain, how bursts are handled, and whether the client must acknowledge. Once transfer sets are enabled, the link runs itself: the… Read More »

Zakaria El Intissar

Wireshark for ICCP: How to Decode TASE.2 Traffic

Open Wireshark and search the protocol list for ICCP or TASE.2. You won’t find either. There has never been a dedicated ICCP dissector, which confuses many engineers the first time they capture an inter-control-center link — the traffic is right there on port 102, and Wireshark calls it something else. Here’s the thing that makes it simple: ICCP… Read More »

Zakaria El Intissar

The ICCP Protocol Stack: OSI Over TCP/IP Explained

The first time you capture ICCP traffic in Wireshark, the protocol column reads like an archaeology dig: TCP, then TPKT, then COTP, then Session, Presentation, ACSE, MMS. Seven layers deep before a single power system value appears. This article explains what each layer does, why the stack looks like this, and — since this is where commissioning time… Read More »

Zakaria El Intissar

ICCP Conformance Blocks: What Servers Actually Support

Every ICCP datasheet says the same thing: “supports blocks 1, 2, and 5” or some variation. Conformance blocks are how TASE.2 capability is packaged, sold, tested, and written into bilateral agreements. They’re also where datasheets, the wire protocol, and the standard itself quietly disagree. This article decodes each block, explains why nearly half of them were deleted from… Read More »

Zakaria El Intissar

ICCP Bilateral Tables Explained (TASE.2 Access Control)

Every ICCP link runs on a pair of bilateral tables. They decide who may connect, what they may see, and what they may do. They are also the single most common reason a new ICCP link doesn’t work on day one — not the protocol, not the network, the tables. This article covers what a bilateral table is,… Read More »

Zakaria El Intissar

What Is the ICCP Protocol? TASE.2 (IEC 60870-6) Explained

ICCP is the protocol utility control centers use to talk to each other. Not to substations. Not to RTUs. To other control centers: the neighboring utility, the regional transmission operator, the power pool, an independent generator’s dispatch center. Its official name is TASE.2, the Telecontrol Application Service Element 2. The standard behind it is the IEC 60870-6 series,… Read More »

Zakaria El Intissar

What Is AMQP 0.9.1? A Complete Guide to the Protocol

AMQP 0.9.1 is a message-oriented protocol that defines both a wire-level exchange format and a specific server model with exchanges, queues, bindings, and routing rules. It is best known as the native protocol of RabbitMQ, which is the most widely-deployed open source message broker in the world. Despite being called “legacy” in some OASIS documentation, AMQP 0.9.1 remains… Read More »

Zakaria El Intissar