Checker
Modbus/TCP traffic checker that validates generated PCAP/PCAPNG traces against Modbus rules, request/response pairing, and optional expected fields supplied via JSONL sidecar metadata.
What It Does
- Parses Ethernet/RAW PCAP packets, extracts TCP payloads
- Validates MBAP header and basic Modbus/TCP invariants
- Parses PDU fields using descriptor JSON (request/response)
- Tracks outstanding requests and flags unmatched responses
- Compares observed values with optional expected fields in JSONL
- Emits a JSON report with findings and a summary
Build
cargo build
Run
cargo run -- \
--pcap trace.pcapng \
--meta trace.meta.jsonl \
--config modbus.json \
--report report.json \
--port 502 \
--mode mvp
Sample CLI with the example files:
cargo run -- \
--pcap trace.pcapng \
--meta docs/examples/trace.meta.jsonl \
--config docs/examples/modbus.json \
--report report.json
CLI Options
--pcap <path>: PCAP or PCAPNG input file--meta <path>: JSONL sidecar metadata (1 line per packet)--config <path>: Modbus descriptor JSON--report <path>: Report JSON output (default:report.json)--port <u16>: Modbus/TCP port (default:502)--mode mvp|strict: Validation mode (default:mvp)--fail-fast: Stop on first fatal error
Files and Formats
See docs/api.md for the full schema of:
trace.meta.jsonllines- Modbus descriptor JSON
report.jsonoutput
Example files live in docs/examples/:
docs/examples/trace.meta.jsonldocs/examples/modbus.jsondocs/examples/report.json
Notes
- This checker assumes one Modbus ADU per TCP payload.
- TCP reassembly and checksum validation are not implemented.