OT Reconnaissance with Wireshark and GrassMarlin Read every packet. Spot every anomaly. Baseline your OT network before attackers do. During the Ukraine 2015 power grid attack, attackers used …

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

A practical guide to OT/ICS network reconnaissance using Wireshark and GrassMarlin. Covers Wireshark installation, interface orientation, OT-specific display filters for Modbus function codes (read, write, and exception responses), Statistics menu features for mapping device relationships, and coloring rules for anomaly detection. Also introduces GrassMarlin, an NSA-developed open-source tool for passive ICS/SCADA network topology mapping from PCAP files. The guide contextualizes techniques with real-world attacks like the 2015 Ukraine power grid incident and TRITON malware, emphasizing that baselining normal OT traffic is essential for detecting intrusions.