Why this topic matters
Industrial protocols often assume a level of trust that modern enterprise protocols no longer extend: Modbus has no authentication at all, and DNP3 only gained it later as an optional extension (Secure Authentication), so a device will act on any well-formed command that reaches it. That makes visibility, segmentation and command semantics matter enormously. You do not need code execution to create real risk if the process trusts the traffic.
Operator checks
- Understand read/write functions (which function codes change state and which only report it), addressing (unit or slave identifiers, and which of them a gateway routes onward), broadcast behaviour and expected polling patterns.
- Separate protocol visibility from protocol manipulation; both matter, but they answer different questions: what is happening on the wire versus what an attacker could make happen.
- Test assumptions around unauthenticated commands, stale devices and permissive routing.
- Correlate packet behaviour with process context whenever possible: a write that is routine from the HMI is a finding when it arrives from anywhere else.
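The checks above, worked as code. This is an added example, not code from the original page: it decodes Modbus/TCP frames (MBAP header plus function code), classifies each as a read, a write, an exception response or malformed, and flags writes that cross a trust boundary, either a broadcast unit ID or a source that the process context says should never write. The hosts, frames and the write allowlist are all constructed for illustration; the function code table itself is from the public Modbus application protocol specification.

```python
"""Decode Modbus/TCP frames and flag writes that cross a trust boundary.

Added example, not from the original page. The traffic, host addresses and
the write allowlist below are constructed for illustration.
"""
import struct
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# Public function codes from the Modbus Application Protocol specification.
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers",
                   23: "Read/Write Multiple Registers"}
# Unit ID 0 is the serial broadcast address; a TCP-to-serial gateway may
# forward such a request to every drop behind it, so it deserves attention.
BROADCAST_UNIT = 0


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes

    @property
    def is_exception(self) -> bool:
        return bool(self.function_code & 0x80)   # responses set the high bit on error


def parse_modbus_tcp(payload: bytes) -> ModbusFrame:
    """Parse MBAP header and function code; raise ValueError if inconsistent."""
    if len(payload) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit, fc = struct.unpack(">HHHBB", payload[:8])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    # The MBAP length field counts unit id plus PDU: everything after byte 6.
    if length != len(payload) - 6:
        raise ValueError(f"MBAP length {length} != {len(payload) - 6}")
    return ModbusFrame(tid, unit, fc, payload[8:])


def write_target(fc: int, data: bytes) -> Optional[Tuple[int, int]]:
    """Return (start address, count) for a write request, None if undecodable."""
    try:
        if fc in (5, 6):                       # single coil / single register
            (addr,) = struct.unpack(">H", data[:2])
            return addr, 1
        if fc in (15, 16):                     # multiple coils / registers
            addr, qty = struct.unpack(">HH", data[:4])
            return addr, qty
        if fc == 23:                           # read/write: write range is words 3 and 4
            _, _, addr, qty = struct.unpack(">HHHH", data[:8])
            return addr, qty
    except struct.error:
        return None
    return None


@dataclass
class Observation:
    src: str
    dst: str
    payload: bytes


def triage(observations: Iterable[Observation],
           write_allowlist: Set[Tuple[str, int]]) -> List[Tuple[str, str, str]]:
    """Return (source, category, detail) for frames that warrant a closer look.

    write_allowlist holds (source IP, unit id) pairs that the process context
    says may write; any other writer has crossed a trust boundary.
    """
    findings = []
    for obs in observations:
        try:
            frame = parse_modbus_tcp(obs.payload)
        except ValueError as err:
            findings.append((obs.src, "malformed", str(err)))
            continue
        if frame.is_exception:
            code = frame.data[0] if frame.data else None
            findings.append((obs.src, "exception",
                             f"fc {frame.function_code & 0x7F} exception code {code}"))
        elif frame.function_code in WRITE_FUNCTIONS:
            target = write_target(frame.function_code, frame.data)
            detail = f"{WRITE_FUNCTIONS[frame.function_code]} unit {frame.unit_id} target {target}"
            if frame.unit_id == BROADCAST_UNIT:
                findings.append((obs.src, "broadcast-write", detail))
            elif (obs.src, frame.unit_id) not in write_allowlist:
                findings.append((obs.src, "unauthorized-write", detail))
        # Reads and allow-listed writes are visibility only: useful for
        # baselining polling patterns, but not findings on their own.
    return findings


# Constructed traffic: HMI 10.0.0.5, PLC 10.0.1.20, serial gateway 10.0.1.30,
# and 10.0.0.99, a host the process context does not know about.
SAMPLE = [
    Observation("10.0.0.5", "10.0.1.20", bytes.fromhex("0001 0000 0006 01 03 0000 000a")),  # read 10 regs
    Observation("10.0.0.5", "10.0.1.20", bytes.fromhex("0002 0000 0006 01 05 0000 ff00")),  # HMI sets coil 0
    Observation("10.0.0.99", "10.0.1.20", bytes.fromhex("0003 0000 0006 01 06 0010 00ff")),  # unknown host writes reg 16
    Observation("10.0.0.99", "10.0.1.30", bytes.fromhex("0004 0000 0008 00 0f 0000 0008 01 ff")),  # broadcast coil write
    Observation("10.0.1.20", "10.0.0.5", bytes.fromhex("0001 0000 0003 01 83 02")),  # PLC: illegal data address
    Observation("10.0.0.99", "10.0.1.20", bytes.fromhex("0005 0001 0006 01 03 0000 000a")),  # protocol id != 0
]
ALLOWLIST = {("10.0.0.5", 1)}  # assumed process context: only the HMI writes PLC unit 1

if __name__ == "__main__":
    for src, category, detail in triage(SAMPLE, ALLOWLIST):
        print(f"{src:10} {category:18} {detail}")
```

The allowlist is the process-context half of the check: the same Write Single Coil from the HMI produces nothing, while the same function code from an unknown host is reported as an unauthorized write with its target address, which is what the reporting lens below asks for. In practice the observations would come from a capture (Wireshark's Modbus dissector exposes the same fields), and the allowlist from whoever owns the process.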
Reporting lens
Write findings in terms of the trust boundary crossed, the scope gained and the business or operational effect reached. That keeps the note useful whether you are validating a lab, an internal research target or a live customer environment.
Curated public references
- Wireshark Modbus: packet visibility and protocol basics.
- Wireshark DNP3: DNP3 packet and field visibility.
- MITRE ATT&CK for ICS: industrial-technique framing.
