Let's Create a ModbusTest Environment: Virtual Setup, Simulators and Wireshark Analysis Fun!

-

Let's create a Modbus test environment: Virtual setup, simulators, and Wireshark analysis Fun!

Modbus is one of the most widely used industrial communication protocols in SCADA, PLCs, and IoT devices. Setting up a Modbus test environment allows you to simulate, analyze, and troubleshoot industrial networks.

1. Virtual Environment for Modbus Testing

To create a controlled Modbus test environment, you need a virtualized lab that includes:

  • A Modbus server (simulating PLCs or sensors).
  • A Modbus client (HMI or SCADA software).
  • A network monitoring system (Wireshark) to capture Modbus TCP traffic.

Best Virtualization Tools for Modbus Testing

  • VMware Workstation / VirtualBox → Run multiple VMs for SCADA, PLCs, and clients.

  • Docker → Containerized Modbus server/client testing.

  • EVE-NG / GNS3 → Simulate industrial network topologies for real-world scenarios.

  • Proxmox → High-performance hypervisor for OT security labs.

Recommended Virtual Lab Setup:

  1. Windows VM → Run a Modbus master/client tool.

  2. Ubuntu VM → Install an open-source Modbus server (e.g., ModbusPal, pymodbus).

  3. Kali Linux → Use for penetration testing & traffic analysis.

  4. Raspberry Pi (optional) → Simulate a real Modbus RTU slave device.

  5. Wireshark → Capture and analyze Modbus TCP packets.

2. Modbus Simulator Tools for Testing

If you don’t have a real PLC, Modbus simulators provide virtual Modbus slaves and masters.

Best Modbus Simulators:

ToolModbus TypeUse Case
ModbusPalModbus TCP & RTUSimulates Modbus slaves with real-time values.
Modscan32Modbus TCP & RTUReads and writes Modbus registers.
ModSim32Modbus TCP & RTUGraphical Modbus slave simulator.
pymodbus (Python)Modbus TCP & RTUDevelops custom Modbus applications.
QModMasterModbus TCP & RTUOpen-source Modbus master tool.
Simply ModbusModbus TCP, RTU, ASCIIGreat for educational testing.
mbpollModbus TCP & RTULinux-based command-line Modbus tester.

How to Use a Modbus Simulator?

  1. Install ModbusPal → Simulates a Modbus slave with register values.

  2. Use QModMaster → Connect as a Modbus client and read/write data.

  3. Capture Modbus TCP communication in Wireshark.

3. Analyzing Modbus Communication PCAP with Wireshark 

Wireshark allows you to see real-time Modbus requests and responses, detect security issues, and reverse-engineer Modbus commands.

Fun Modbus Analysis Scenarios in Wireshark:

1. Decoding Modbus TCP Traffic

  • Apply the Wireshark filter: modbus

  • See Modbus function codes (Read Coils, Write Registers, etc.).

  • Analyze how PLC and SCADA systems communicate.

2. Finding Security Weaknesses in Modbus

  • Modbus lacks encryption! Look for plaintext data transfers.

  • Spot unauthorized Modbus write requests from rogue clients.

  • Identify Denial of Service (DoS) attempts against a Modbus slave.

3. Reverse-Engineering Modbus Commands

  • Capture Modbus read/write operations in a PCAP file.

  • Identify critical control signals (e.g., start/stop commands for industrial processes).

  • Understand how PLC registers are modified remotely.

4. Simulating a Man-in-the-Middle (MITM) Attack

  • Use Wireshark + Bettercap to alter Modbus packets in transit.

  • Inject false sensor values (e.g., change pressure readings).

  • Observe how a SCADA system reacts to manipulated data.

Summary: Learn & Have Fun with Modbus Security!

  • Create a virtual Modbus test environment using VMs and simulators.
  • Use Modbus tools like ModbusPal, QModMaster, and pymodbus.
  • Capture & analyze Modbus traffic with Wireshark to detect vulnerabilities.


#CPS #OT #XIoT #IoT #IIoT #IoMT #CPSSecurity #OTSecurity #IoTSecurity #CPS보안 #OT보안 #IoT보안

Comments

Post a Comment

Popular posts from this blog

Don't confuse DCS, PLC and SCADA in front of OT specialists

-
Image
DCS, PLC and SCADA are not the same. If you keep talking only about PLC security in front of the Oil&Gas industry executives where DCS is the main focus, they will not recognize you as a proper expert. We need to understand the characteristics of OT systems such as DCS, PLC, and SCADA accurately, also respect each OT culture uniquely and finally approach the sites in the right way. Don't be confused, here’s a clear and accurate explanation of DCS, PLC, and SCADA . 1. Distributed Control System (DCS) Concept A DCS (Distributed Control System) is an automated control system used for large-scale industrial processes that require continuous operation and high reliability. It consists of multiple controllers distributed throughout the system, which communicate with each other to manage complex processes. Key Features Used in large-scale, continuous processes (e.g., oil refineries, power plants). Decentralized control architecture with multiple controllers working together. Pr...
Read more

Top 20 Threat Scenarios & Playbooks for OT Security

-
Image
A comprehensive list of 20 threat scenarios in OT security along with detailed descriptions and detection rules that can help identify and respond to these threats. This playbook-style table covers different types of attacks—from unauthorized access to insider abuse—with corresponding rules and indicators to alert security teams. # Threat Scenario Detailed Description Detection Rules & Indicators 1 Unauthorized Remote Access Attempt An attacker uses stolen or weak credentials to access OT networks remotely. - Log Analysis: Monitor VPN/RDP logs for unusual login times, geolocation mismatches, and failed/successful login bursts. - User Behavior Analytics (UBA): Alert on deviations from normal remote access patterns. - Anomaly Detection: Trigger an alert when a remote session is initiated from an unusual IP or geographic region. 2 Malware/Ransomware Infiltration in OT Network Malicious code is introduced into the OT network via compromised endpoints or phishing, potentially encr...
Read more

Let's create our own ICS Labs in the VMs!

-
Image
Let's create our own ICS Labs in the VMs: A Step-by-Step Guide Building an Industrial Control System (ICS) lab in a virtualized environment allows security researchers, engineers, and penetration testers to safely simulate industrial networks, study threats, and test security defenses. Below is a detailed step-by-step guide to creating an ICS lab , including HMI, EWS, PLC, and other critical components. 1. Lab Architecture Overview Key Components in an ICS Lab: HMI: Graphical interface for controlling industrial processes. Engineering Workstation (EWS): Used to configure PLCs and SCADA systems. PLC: Controls physical processes (e.g., motors, valves). SCADA System: Supervisory control and monitoring of ICS networks. Historian: Logs and stores process data for analysis. Networking Components: Virtualized switches, routers, and firewalls to segment ICS networks. Attacker Machine: Kali Linux or Metasploit for penetration testing. 2. Choosing the Virtualization ...
Read more