iec104 io overview

edit

There are a couple IEC 60870-5-104 sample captures on the wiki.
Are these the protocol you are working with and if so, which fields (Wireshark dfref: iec60870_104)are you interested in?
(Edit: the rest of the fields - iec60870_asdu)

I mean every single digital point. For example iec60870_asdu.ioa == 2348. Or iec60870_asdu.ioa in {1..550}. Please Keep in mind that I may have hundreds of IO points and would like to count how many of each actually appear on the pcap. How many of each happen in an invalid state? And so on... Thanks for your answer.

epan/dissectors/packet-iec104.c:

/* ASDU types (TypeId) */
#define M_SP_NA_1  1    /* single-point information                     */
#define M_SP_TA_1  2    /* single-point information with time tag       */
...

Which iec60870_asdu.typeid types?

This could be done with a combination of MATE to extract the ioa values for only pdus of a certain typeid:

Pdu asdu_pdu Proto iec60870_asdu Transport tcp/ip {
    Extract typeid From iec60870_asdu.typeid;
    Extract ioa From iec60870_asdu.ioa;

    Criteria Accept Every (typeid="1");
};

And a lua plugin to count the occurrences:

3:  2
2:  3
1:  2
4:  2

It can be cleaned up (results sorted) and perhaps (maybe) be done in just a lua script without MATE.

I think I would revert to some scripting automation using tshark.

Wireshark doesn't work that well with telemetry protocols that have repeated data in the same packet. Display filters select entire packets that contain at least one item that matches the filter so a report of multiple events for an IOA will just show 1 packet.