ICS protocol dissectors for signature-based NIDS

Date 01.12.2021

Industrial control systems (ICS) are used in various industries, including critical infrastructures, so their security against attacks is of particular importance. Network Intrusion Detection Systems (NIDS), which can use protocol-specific dissectors, are particularly suitable for this, as they can prevent attack attempts without interfering with the ICS. This work investigates under which conditions rules based on an ICS-protocol-specific dissector should be preferred over rules based on the TCP payload provided by the transport layer dissector. It evaluates aspects of security, usability and especially performance with regard to the dissector's scope of functions. To this end, an ICS protocol dissector for the S7Comm protocol is implemented and evaluated together with an SSH dissector in different scenarios. Further influencing factors that could interfere with processing performance, but also with detection accuracy, are investigated.