hacktricks/pentesting/44818-ethernetip.md

# 44818/UDP/TCP - Pentesting EthernetIP

## **Protocol Information**

From Wikipedia article on EtherNet/IP [http://en.wikipedia.org/wiki/EtherNet/IP](http://en.wikipedia.org/wiki/EtherNet/IP)

> EtherNet/IP was developed in the late 1990s by Rockwell Automation as part of Rockwell's industrial Ethernet networking solutions. Rockwell gave EtherNet/IP its moniker and handed it over to ODVA, which now manages the protocol and assures multi-vendor system interoperability by requiring adherence to established standards whenever new products that utilize the protocol are developed today.

> EtherNet/IP is most commonly used in industrial automation control systems, such as for water processing plants, manufacturing facilities and utilities. Several control system vendors have developed programmable automation controllers and I/O capable of communicating via EtherNet/IP.

An EtherNet/IP device is positively identified by querying TCP/44818 with a list Identities Message (0x63). The response messages will determine if it is a EtherNet/IP device and parse the information to enumerate the device.\
From [here](https://github.com/digitalbond/Redpoint)

**Default port:** 44818 UDP/TCP

```
PORT      STATE SERVICE
44818/tcp open  EtherNet/IP
```

## **Enumeration**

```bash
nmap -n -sV --script enip-info -p 44818 <IP>
pip3 install cpppo
python3 -m cpppo.server.enip.list_services [--udp] [--broadcast] --list-identity -a <IP>
```

## Shodan

* `port:44818 "product name"`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`# 44818/UDP/TCP - Pentesting EthernetIP`

			`## Protocol Information`

			`From Wikipedia article on EtherNet/IP [http://en.wikipedia.org/wiki/EtherNet/IP](http://en.wikipedia.org/wiki/EtherNet/IP)`

			`> EtherNet/IP was developed in the late 1990s by Rockwell Automation as part of Rockwell's industrial Ethernet networking solutions. Rockwell gave EtherNet/IP its moniker and handed it over to ODVA, which now manages the protocol and assures multi-vendor system interoperability by requiring adherence to established standards whenever new products that utilize the protocol are developed today.`

			`> EtherNet/IP is most commonly used in industrial automation control systems, such as for water processing plants, manufacturing facilities and utilities. Several control system vendors have developed programmable automation controllers and I/O capable of communicating via EtherNet/IP.`

GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`An EtherNet/IP device is positively identified by querying TCP/44818 with a list Identities Message (0x63). The response messages will determine if it is a EtherNet/IP device and parse the information to enumerate the device.\`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`From [here](https://github.com/digitalbond/Redpoint)`

GitBook: [#2876] save 2021-11-30 16:46:07 +00:00			`Default port: 44818 UDP/TCP`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`PORT STATE SERVICE`
			`44818/tcp open EtherNet/IP`
			```

			`## Enumeration`

			```bash
			`nmap -n -sV --script enip-info -p 44818 <IP>`
			`pip3 install cpppo`
			`python3 -m cpppo.server.enip.list_services [--udp] [--broadcast] --list-identity -a <IP>`
			```

GitBook: [master] one page modified 2020-10-05 12:24:52 +00:00			`## Shodan`

			* `port:44818 "product name"`