We can perform a man-in-the-middle-attack on any Wi-Fi and Ethernet connection that goes through the lab’s router. We use the command tcpdump to capture all the traffic that goes through the router and then pipe that data into our machine and analyse it with Wireshark. You can use the Kali desktop in the lab or any computer which has a connection to the router and the appropriate tools.
Type in this command in terminal (replacing routers.ip with the actual IP of the router):
ssh firstname.lastname@example.org tcpdump -U -w - -i br0 not port 22 | wireshark -k -i -
You will then be prompted for the root password for the router, once you’ve entered this Wireshark should open and you will be able to begin analysing traffic.
You can edit the tcpdump command to your specification, but remember that the ‘not port 22’ part is neccesary to avoid seeing the SSH packets being sent between your computer and the router.
If TLS is implemented, the connection can still be vulnerable. See https://www.youtube.com/watch?v=gmYcsdXT3W8.
Wireshark is one of the most widely used network protocol analyzers available. When listening in on a network with Wireshark, the user is able to filter the packets that are shown by for example protocol.
Industrial Control Systems, or ICS, is an umbrella term used to describe hardware and software that are serving vital industrial infrastructure, as well as the networks connecting them. Usually ICS get data from sensors, decide on an appropriate action, and then send commands to the machinery.
- Ethernet PowerLink
- Modbus / TCP
- Modbus / UDP
- Modbus RTU
- OPC UA
- Omron FINS
- Sinec H1
 About Wireshark. wireshark.org. https://www.wireshark.org/. (Fetched 2021-04-14)
 ICS Protocols. Infosec Institute. https://resources.infosecinstitute.com/topic/ics-protocols/. (Fetched 2021-04-14)
 Wireshark filters for ICS protocols. ZeroNtek. https://zerontek.com/zt/2021/04/12/wireshark-filters-for-ics-protocols/. (Fetched 2021-04-14)