Wireshark filters for ICS protocols

Wireshark is a powerful tool for analyzing network packets. I did a search on the web in order to assemble a list of ICS protocols. Then I tried to look them up in Wireshark. There is a “filter expression” feature in Wireshark that enables you to filter out packets and find specific information [passwords, port number, function code …etc] . Luckily I found 32 ICS protocols in Wireshark. Most of them are the major and mainstream protocols such as Modbus, DNP3 and IEC60870. I also discovered ICS protocols that I never heard of because they are not publicized in the ICS community much. I noticed that Wireshark don’t support all ICS protocols filters, for example GE-SRTP, ICCP or Pcworx and others . I have added this list to my github. My github project includes ICS security resources that are useful for ICS security researchers. Having ICS filters in Wireshark is a major contribution in ICS network security. I hope there will be more ICS protocols in the coming releases.

  1. BSAP
  2. Bacnet
  3. C12.22
  4. CANopen
  5. CIP
  6. DeviceNet
  7. Dnp3
  8. EGD
  9. EtherNetIP
  10. Ethercat
  11. Ethernet PowerLink
  12. Fieldbus
  13. Goose
  14. HartIP
  15. IEC60870_101
  16. IEC60870_104
  17. IEC60870_asdu
  18. KNX
  19. Modbus
  20. Modbus / TCP
  21. Modbus / UDP
  22. Modbus RTU
  23. OPC UA
  24. Omron FINS
  25. Profibus
  26. Profinet
  27. S7comm
  28. Sercos
  29. Sinec H1
  30. TTEthernet
  31. Tristation
  32. Zigbee

Comments are closed.