Wireshark filters for ICS protocols
Source: https://zerontek.com/zt/2021/04/12/wireshark-filters-for-ics-protocols/
Wireshark is a powerful tool for analyzing network packets. I did a search on the web in order to assemble a list of ICS protocols. Then I tried to look them up in Wireshark. There is a “filter expression” feature in Wireshark that enables you to filter out packets and find specific information [passwords, port number, function code …etc] . Luckily I found 32 ICS protocols in Wireshark. Most of them are the major and mainstream protocols such as Modbus, DNP3 and IEC60870. I also discovered ICS protocols that I never heard of because they are not publicized in the ICS community much. I noticed that Wireshark don’t support all ICS protocols filters, for example GE-SRTP, ICCP or Pcworx and others . I have added this list to my github. My githiub project includes ICS security resources that are useful for ICS security researchers. Having ICS filters in Wireshark is a major contribution in ICS network security. I hope there will be more ICS protocols in the coming releases.
- BSAP
- Bacnet
- C12.22
- CANopen
- CIP
- DeviceNet
- Dnp3
- EGD
- EtherNetIP
- Ethercat
- Ethernet PowerLink
- Fieldbus
- Goose
- HartIP
- IEC60870_101
- IEC60870_104
- IEC60870_asdu
- KNX
- Modbus
- Modbus / TCP
- Modbus / UDP
- Modbus RTU
- OPC UA
- Omron FINS
- Profibus
- Profinet
- S7comm
- Sercos
- Sinec H1
- TTEthernet
- Tristation
- Zigbee
