{"id":291,"date":"2021-04-12T10:34:46","date_gmt":"2021-04-12T07:34:46","guid":{"rendered":"https:\/\/zerontek.com\/zt\/?p=291"},"modified":"2021-04-12T19:21:12","modified_gmt":"2021-04-12T16:21:12","slug":"wireshark-filters-for-ics-protocols","status":"publish","type":"post","link":"https:\/\/zerontek.com\/zt\/2021\/04\/12\/wireshark-filters-for-ics-protocols\/","title":{"rendered":"Wireshark filters for ICS protocols"},"content":{"rendered":"\n<p>Wireshark is a powerful tool for analyzing network packets. I did a search on the web in order to assemble a list of ICS protocols. Then I tried to look them up in Wireshark. There is a &#8220;filter expression&#8221; feature in Wireshark that enables you to filter out packets and find specific information [passwords, port number, function code, etc.]. Luckily I found 32 ICS protocols in Wireshark. Most of them are the major and mainstream protocols such as Modbus, DNP3 and IEC60870. I also discovered ICS protocols that I had never heard of because they are not publicized much in the ICS community. I noticed that Wireshark doesn&#8217;t support filters for all ICS protocols, for example GE-SRTP, ICCP, Pcworx and others. I have added this list to my <a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/selmux\/ICS-Security\" target=\"_blank\">github<\/a>. My <a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/selmux\/ICS-Security\" target=\"_blank\">github project<\/a> includes ICS security resources that are useful for ICS security researchers. Having ICS filters in Wireshark is a major contribution to ICS network security. 
I hope there will be more ICS protocols in the coming releases.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"821\" height=\"1024\" src=\"https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2021\/04\/filter-ws-821x1024.png\" alt=\"\" class=\"wp-image-300\" srcset=\"https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2021\/04\/filter-ws-821x1024.png 821w, https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2021\/04\/filter-ws-240x300.png 240w, https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2021\/04\/filter-ws-768x958.png 768w, https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2021\/04\/filter-ws-1231x1536.png 1231w, https:\/\/zerontek.com\/zt\/wp-content\/uploads\/2021\/04\/filter-ws.png 1277w\" sizes=\"auto, (max-width: 821px) 100vw, 821px\" \/><\/figure>\n\n\n\n<ol class=\"wp-block-list\"><li>BSAP<\/li><li>Bacnet<\/li><li>C12.22<\/li><li>CANopen<\/li><li>CIP<\/li><li>DeviceNet<\/li><li>Dnp3<\/li><li>EGD<\/li><li>EtherNetIP<\/li><li>Ethercat<\/li><li>Ethernet PowerLink<\/li><li>Fieldbus<\/li><li>Goose<\/li><li>HartIP<\/li><li>IEC60870_101<\/li><li>IEC60870_104<\/li><li>IEC60870_asdu<\/li><li>KNX<\/li><li>Modbus<\/li><li>Modbus \/ TCP<\/li><li>Modbus \/ UDP<\/li><li>Modbus RTU<\/li><li>OPC UA<\/li><li>Omron FINS<\/li><li>Profibus<\/li><li>Profinet<\/li><li>S7comm<\/li><li>Sercos<\/li><li>Sinec H1<\/li><li>TTEthernet<\/li><li>Tristation<\/li><li>Zigbee<\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Wireshark is a powerful tool for analyzing network packets. I did a search on the web in order to assemble a list of ICS protocols. Then I tried to look them up in Wireshark. 
There is a &#8220;filter expression&#8221; feature in Wireshark that enables you to filter out packets and find specific information [passwords, port [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":293,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,45,3,46,48,5],"tags":[7,42,6,44,47,43],"class_list":["post-291","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","category-ics-protocols","category-ics-security","category-ics-tools","category-ot-security","category-vendors","tag-cyber-security","tag-ics-protocols","tag-ics-security","tag-ics-tools","tag-ot-security","tag-wireshark"],"_links":{"self":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/comments?post=291"}],"version-history":[{"count":9,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/291\/revisions"}],"predecessor-version":[{"id":306,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/291\/revisions\/306"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/media\/293"}],"wp:attachment":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/media?parent=291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/categories?post=291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/tags?post=291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}