Protocol-aware CIP/EtherNet-IP deep packet inspection test harness. CIPDIP generates strict ODVA-framed traffic with optional vendor-variant profiles, designed for evaluating industrial firewall DPI engines, validating protocol implementations, and testing CIP/ENIP security controls.
- Firewall DPI evaluation -- Generate controlled CIP traffic to measure detection accuracy, false positive rates, and protocol parsing depth
- Protocol compliance testing -- Validate ODVA-compliant framing, connection lifecycle, and service handling
- Security research -- Test evasion techniques (TCP segmentation, timing manipulation, protocol anomalies) against industrial DPI engines
- Device interoperability -- Verify CIP behavior across Rockwell, Schneider, Siemens, and other vendor implementations
- Interactive TUI Dashboard -- Real-time traffic visualization, service stats, error tracking, and workspace management
- 21 Test Scenarios -- Baseline, stress, I/O, edge cases, vendor variants, PCCC, Modbus, DPI explicit messaging, evasion, and firewall regression packs
- Server Emulator -- Adapter and Logix-like personalities with configurable responses, fault injection, and session policies
- PCAP Analysis -- Summary, coverage, diff, replay, rewrite, hex dump, and multi-file analysis modes
- Distributed Orchestration -- Run manifests, multi-agent coordination via SSH, run bundles with integrity verification
- CIP Service Catalog -- Browse and test CIP services with live device requests
- TCP Metrics -- Retransmit, reset, and lost segment detection via tshark integration
- Protocol Profiles -- Strict ODVA, Rockwell, Schneider M580, Siemens S7-1200, and legacy compatibility modes
- Go 1.26+ (build from source)
- Optional: tshark (Wireshark CLI) for TCP-level metrics
- Optional: libpcap / npcap for packet capture and ARP resolution
```bash
# Build
go build ./cmd/cipdip
# Launch interactive TUI
./cipdip ui
# Or use CLI directly
./cipdip client --ip 10.0.0.50 --scenario baseline
./cipdip server --personality adapter
./cipdip pcap-summary --input capture.pcap
./cipdip single --ip 10.0.0.50 --service 0x0E --class 0x01 --instance 0x01 --attribute 0x01
```

```bash
# From source
git clone https://github.com/tonylturner/cipdip.git
cd cipdip
go build ./cmd/cipdip
# Install to PATH
go install ./cmd/cipdip
# Or use the built-in installer (copies to system PATH)
./cipdip install
```

The interactive dashboard (`cipdip ui`) provides a unified workspace with real-time monitoring:
| Panel | Description |
|---|---|
| TRAFFIC | Braille graph showing reads, writes, errors, and other operations |
| STATS | Real-time counters for requests, errors, connections |
| SERVICES | Bar chart of CIP service distribution |
| RECENT RUNS | History of client, server, and PCAP operations |
| ERRORS | Validation errors, TCP metrics, CIP error responses |
Keyboard: c client, s server, p PCAP, k catalog, Tab cycle panels, h help, q quit
```bash
# Scenarios
./cipdip client --ip TARGET --scenario baseline # Low-frequency read polling
./cipdip client --ip TARGET --scenario stress # High-frequency reads
./cipdip client --ip TARGET --scenario mixed # Reads + writes
./cipdip client --ip TARGET --scenario churn # Connection cycling
./cipdip client --ip TARGET --scenario io # ForwardOpen + UDP I/O
./cipdip client --ip TARGET --scenario dpi_explicit # 6-phase DPI stress test
./cipdip client --ip TARGET --scenario evasion_segment # TCP segmentation evasion
./cipdip client --ip TARGET --scenario pccc # PCCC-over-CIP (legacy PLC)
./cipdip client --ip TARGET --scenario modbus # Modbus-over-CIP
# PCAP analysis
./cipdip pcap-summary --input capture.pcap
./cipdip pcap-coverage --dir pcaps/
./cipdip pcap-diff --file1 before.pcap --file2 after.pcap
./cipdip pcap-replay --input capture.pcap --server-ip TARGET --app-only
# Orchestration
./cipdip run manifest path/to/manifest.yaml
./cipdip bundle verify runs/my-run
./cipdip agent check ssh://user@host
# Discovery
./cipdip discover --timeout 5
# Metrics analysis
./cipdip metrics-analyze --input results/baseline_metrics.csv
./cipdip metrics-report --dir results/
# Help
./cipdip help
./cipdip <command> --help
```

CIPDIP provides an end-to-end workflow for running all 20 DPI test scenarios against the built-in server emulator, collecting per-scenario metrics, and generating a batch-aligned report covering all 8 DPI test batches.
```bash
# 1. Run all scenarios via selftest (starts in-process server, runs all 20 scenarios)
./cipdip selftest --scenarios all --metrics-dir results/ --duration-seconds 30
# 2. Generate the batch-aligned DPI test report
./cipdip metrics-report --dir results/
# 3. Analyze a single scenario's metrics in detail
./cipdip metrics-analyze --input results/baseline_metrics.csv
```

`selftest` writes one `*_metrics.csv` per scenario plus a `_manifest.json` for run coherence tracking. `metrics-report` reads all CSVs, groups them by batch (1-8), and prints per-batch metrics tables matching the DPI test batches specification. `metrics-analyze` provides detailed statistics for a single CSV file.
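What the `evasion_segment` scenario listed above exercises on the inspection side, as an added example (not cipdip's own code): a stream framer that buffers TCP payload until the 24-byte ENIP encapsulation header and its declared length are complete, so a request split across segments is still parsed as one frame. The `Frame`, `Framer` and `sampleFrame` names and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const enipHeaderLen = 24 // command, length, session, status, sender context, options

// Frame is one complete EtherNet/IP encapsulation message.
type Frame struct {
	Command uint16
	Data    []byte
}

// Framer reassembles ENIP frames from TCP payload chunks of any size.
type Framer struct{ buf []byte }

// Feed appends one segment's payload and returns the frames it completes.
func (f *Framer) Feed(seg []byte) []Frame {
	f.buf = append(f.buf, seg...)
	var out []Frame
	for len(f.buf) >= enipHeaderLen {
		end := enipHeaderLen + int(binary.LittleEndian.Uint16(f.buf[2:4]))
		if len(f.buf) < end {
			break // frame continues in a later segment
		}
		cmd := binary.LittleEndian.Uint16(f.buf[0:2])
		out = append(out, Frame{cmd, append([]byte(nil), f.buf[enipHeaderLen:end]...)})
		f.buf = f.buf[end:]
	}
	return out
}

// sampleFrame: constructed SendRRData (0x006F) carrying Get_Attribute_Single
// (0x0E) for class 0x01, instance 0x01, attribute 0x01.
func sampleFrame() []byte {
	data := []byte{0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0xB2, 0, 8, 0, // CPF: handle, timeout, 2 items, null address, 8-byte data item
		0x0E, 0x03, 0x20, 0x01, 0x24, 0x01, 0x30, 0x01} // CIP: service, path size in words, class/instance/attribute
	hdr := make([]byte, enipHeaderLen)
	binary.LittleEndian.PutUint16(hdr[0:2], 0x006F)
	binary.LittleEndian.PutUint16(hdr[2:4], uint16(len(data)))
	return append(hdr, data...)
}

func main() {
	var f Framer
	raw := sampleFrame()
	first, second := f.Feed(raw[:30]), f.Feed(raw[30:]) // split inside the CPF data
	fmt.Println(len(first), "frames after segment 1,", len(second), "after segment 2")
}
```

An engine that parses each segment on its own sees no complete frame in either half; the framer yields the request only once the second segment arrives.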
- `cipdip_client.yaml` -- Client targets, I/O connections, protocol settings
- `cipdip_server.yaml` -- Server personality, assemblies, tags

See Configuration Guide for full reference.
| Document | Description |
|---|---|
| Configuration | Full client/server YAML reference |
| Examples | Usage examples and workflows |
| Compliance Testing | Test methodology and validation |
| PCAP Usage | Capture analysis modes |
| Orchestration | Distributed test coordination |
| Run Manifests | Manifest YAML schema |
| CIP Reference | Protocol implementation details |
| Hardware Setup | Lab environment setup |
| Troubleshooting | Common issues and fixes |
| TUI Guide | Dashboard navigation |
| Vendor Notes | Rockwell, Schneider, Siemens, Omron, Keyence |
```
cipdip/
├── cmd/cipdip/ # CLI entry point (Cobra)
├── internal/
│ ├── cip/ # CIP protocol (codec, client, spec)
│ ├── enip/ # EtherNet/IP framing, CPF items
│ ├── server/ # Emulator (core, handlers, vendor logic)
│ ├── scenario/ # 21 test scenarios
│ ├── evasion/ # DPI evasion techniques
│ ├── pcap/ # PCAP parsing, replay, coverage
│ ├── tui/ # Interactive dashboard (bubbletea)
│ ├── orch/ # Orchestration (controller, bundles)
│ ├── transport/ # Local + SSH execution
│ ├── metrics/ # Latency, jitter, misclassification
│ ├── config/ # YAML config loading
│ └── validation/ # Loopback and Wireshark validation
├── catalogs/ # CIP service definitions
├── profiles/ # Device test profiles
├── baseline_captures/ # Synthetic reference PCAPs
├── docs/ # User documentation
└── agents.yaml.example # Agent registry template
```

A CycloneDX Software Bill of Materials is available at docs/sbom.cdx.json.
Contributions are welcome. Please open an issue to discuss proposed changes before submitting a pull request.
