Can this skill detect industrial cyberattacks?

Yes, it is designed to identify common attack patterns such as device enumeration, unauthorized register writes, and protocol-level fuzzing.

Which tools does this Claude Code skill use?

This skill utilizes Python-based tools including Scapy, pymodbus, and pandas, along with Zeek for passive network traffic analysis and logging.

How long does the baselining process take?

A minimum period of 48-72 hours is recommended to establish an accurate profile of normal operational communication patterns and polling intervals.

What is Modbus TCP monitoring?

Modbus TCP monitoring involves analyzing network traffic on port 502 to ensure legitimate communication between SCADA systems and programmable logic controllers (PLCs).

Is it safe to use on a production SCADA network?

The skill focuses on passive monitoring via SPAN ports or network TAPs, which ensures visibility without interfering with critical industrial processes.

SCADA Modbus Traffic Monitoring

Name: SCADA Modbus Traffic Monitoring
Author: micsapp

bymicsapp

0•

セキュリティとテスト

Monitors Modbus TCP traffic on SCADA and ICS networks to detect unauthorized function codes, register writes, and suspicious communication patterns.

This skill provides a specialized framework for monitoring industrial control system (ICS) networks by analyzing Modbus TCP traffic on port 502. It enables security analysts to establish behavioral baselines for PLC and RTU communications, detect unauthorized process parameter manipulation, and identify reconnaissance activities. By leveraging deep packet inspection tools like Scapy, pymodbus, and Zeek, the skill identifies anomalies in function code distribution and out-of-range register values, providing critical protection for operational technology (OT) environments against sabotage and cyber threats.

主な機能

01Detection of unauthorized write operations and parameter changes

02Real-time monitoring of critical process register value ranges

030 GitHub stars

04Deep packet inspection for Modbus TCP protocol analysis

05Identification of Modbus device reconnaissance and scanning attempts

06Automated baselining of normal PLC/RTU communication patterns

ユースケース

01Identifying reconnaissance targeting industrial controllers (PLCs/RTUs)

02Monitoring OT networks for malicious command injection or protocol fuzzing

03Detecting unauthorized setpoint changes in utility SCADA systems

主な機能

01Detection of unauthorized write operations and parameter changes

02Real-time monitoring of critical process register value ranges

030 GitHub stars

04Deep packet inspection for Modbus TCP protocol analysis

05Identification of Modbus device reconnaissance and scanning attempts

06Automated baselining of normal PLC/RTU communication patterns

ユースケース

01Identifying reconnaissance targeting industrial controllers (PLCs/RTUs)

02Monitoring OT networks for malicious command injection or protocol fuzzing

03Detecting unauthorized setpoint changes in utility SCADA systems