Modbus TCP
The grandfather of industrial automation protocols.
Protocol Functionality
Released in 1979, Modbus TCP wraps Modbus RTU serial commands in standard TCP packets. Because it was engineered for physically isolated environments, it possesses no native encryption, no cryptographic handshakes, and no session authorization. It executes commands from any network node.
Active Scan Crash Hazards
Older Modbus Ethernet adapters (e.g. early Schneider or Modicon modules) have micro-buffers designed to handle a single command queue. Aggressive IT port scanners connect rapidly and leave sessions half-open (SYN sweeps). This quickly consumes all TCP channels, starving the CPU, causing memory leaks, and triggering network interface crashes that lock up control outputs.
Deterministic Safe Discovery
Solapse implements deterministic pacing. Instead of scanning port ranges, we build a single valid Modbus session and request only basic configuration telemetry (FC 43/14 Read Device Identification). Probes are throttled to ensure zero queue accumulation, mapping assets safely without causing CPU starvation.
Security Best Practices
- Restrict port 502 traffic at firewall boundaries so that only authorized SCADA systems can reach Modbus devices.
- Isolate legacy Modbus serial links using secure terminal servers.
- Deploy protocol-aware intrusion detection to alert on unexpected writes.
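A minimal sketch of the write-alerting check from the list above, as an added example (not Solapse code): it parses the MBAP header of each request and flags write function codes from hosts outside an allowlist. The IP addresses, the allowlist and the sample frames are constructed, and it assumes one Modbus ADU per TCP payload.

```python
import struct

# Function codes that change device state (from the Modbus application spec).
WRITE_FCS = {5: "Write Single Coil", 6: "Write Single Register",
             15: "Write Multiple Coils", 16: "Write Multiple Registers",
             22: "Mask Write Register", 23: "Read/Write Multiple Registers"}

# Assumption: the only host allowed to write (constructed address).
AUTHORIZED_WRITERS = {"10.0.5.10"}

def parse_adu(payload: bytes):
    """Parse one Modbus TCP ADU (7-byte MBAP header + PDU); None if malformed."""
    if len(payload) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol ID is always 0; Length counts the unit ID plus the PDU.
    if proto != 0 or length != len(payload) - 6:
        return None
    return {"tid": tid, "unit": unit, "fc": payload[7]}

def check_request(src_ip: str, payload: bytes):
    """Return an alert string for a malformed frame or unauthorized write, else None."""
    adu = parse_adu(payload)
    if adu is None:
        return f"ALERT malformed Modbus frame from {src_ip}"
    name = WRITE_FCS.get(adu["fc"])
    if name and src_ip not in AUTHORIZED_WRITERS:
        return f"ALERT unexpected {name} (FC {adu['fc']}) from {src_ip} to unit {adu['unit']}"
    return None

# Constructed sample traffic: (source IP, TCP payload sent to port 502).
SAMPLES = [
    ("10.0.5.77", bytes.fromhex("00010000000601030000000a")),        # FC 3 read
    ("10.0.5.10", bytes.fromhex("0002000000060106000100ff")),        # FC 6 write, authorized
    ("10.0.5.77", bytes.fromhex("000300000009011000010001021234")),  # FC 16 write, not authorized
    ("10.0.5.77", bytes.fromhex("000400000005012b0e0100")),          # FC 43/14 device identification
    ("10.0.5.77", bytes.fromhex("0005000000ff0106")),                # length field does not match
]

def scan(samples):
    """Run every sample through check_request and keep only the alerts."""
    return [a for a in (check_request(ip, p) for ip, p in samples) if a]

if __name__ == "__main__":
    for alert in scan(SAMPLES):
        print(alert)
```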