ICS Protocol Cheatsheet

Uploaded by Deniz Yaşar
CHEATSHEET

Communication Protocols in Industrial Control System/Operational Technology
ICS/OT Protocol Cheat sheet

Common ICS Protocols

| Protocol | Description | Serial/Ethernet | Port Number |
|---|---|---|---|
| IEC 60870-5-101 | Used for communication between electrical power systems and devices for telecontrol and tele-protection. | Serial | NA; works on RS-232, RS-485, or RS-422 |
| IEC 60870-5-104 | Used for communication between electrical power systems and devices for telecontrol and tele-protection. | Ethernet (TCP) | 2404 |
| IEC 61850 | Used for communication between intelligent electronic devices (IEDs) in electrical power systems. | Ethernet (TCP) | 102 |
| OPC (OLE for Process Control) | Protocol used for communication between industrial automation systems and enterprise systems. | Ethernet (TCP) | 135 (Uses DCP/RCE in Microsoft) |
| CC-Link IE | Protocol used for communication between industrial devices and enterprise networks, primarily used by Mitsubishi Electric. A token-passing protocol that operates at the Ethernet data link layer (Layer 2) using the IEEE 802.3 | Ethernet (UDP) | Various |
| ModbusTCP | Protocol used for communication between Modbus devices over TCP/IP networks | Ethernet (TCP) | 502 |
| LonWorks | Used for communication between building automation systems and devices | Serial and Ethernet (TCP/UDP) | 1628 (for TCP/UDP) |
| MQTT | Used for communication between IoT devices and enterprise systems. Lightweight messaging protocol for Internet of Things (IoT) devices | Ethernet (TCP) | 1883 (non-encrypted), 8883 (TLS encrypted) |
| ControlNet | Used for communication between industrial control devices, including programmable logic controllers (PLCs), primarily used by Rockwell Automation. Industrial control network for real-time applications | Ethernet | 2222 |
| KNX | Used for communication between building automation systems and devices | Serial, Ethernet (TCP/UDP) | 3671 (UDP) |
| EtherCAT | Real-time Industrial Ethernet protocol used for communication between industrial automation systems and devices, primarily used by Beckhoff Automation. | Ethernet | 34962 |
| CIP (Common Industrial Protocol) | Application layer protocol for industrial automation devices, used for communication between industrial automation systems and devices, primarily used by Rockwell Automation. | Ethernet (TCP/UDP) | 44818 (Various others as well) |
| EIP (EtherNet/IP) | Protocol used for communication between industrial automation systems and devices, primarily used by Rockwell Automation | Ethernet (TCP/UDP) | 44818 (TCP), 2222 (UDP) |
| BACnet/IP | Protocol used for communication between building automation systems and devices over IP networks. | Ethernet (UDP) | 47808 |
| ADS | Communication protocol for TwinCAT automation software used for communication between industrial automation systems and devices, primarily used by Beckhoff Automation. | Ethernet (TCP/UDP) | 48899 (TCP/UDP) |
| Foundation Fieldbus | Digital communication protocol for process automation used for communication between industrial automation systems and field devices | Serialbus | NA |
| PROFIBUS | Protocol used for communication between industrial automation systems and field devices, primarily used by Siemens | Serial | NA |
| DNP3 | Communication protocol for SCADA systems used for communication between various types of data acquisition and control equipment in Electrical Systems. | Serial and Ethernet (TCP/UDP) | 20000-20002 |
| CODESYS | Protocol used for communication between industrial automation systems and devices, primarily used by 3S-Smart Software Solutions | Ethernet (TCP/UDP) | 2455, 2456 1217 (TCP/UDP) |
| Profinet | Protocol used for communication between industrial automation systems and field devices, primarily used by Siemens. Has 3 different modes: TCP/IP with latency >10ms, Realtime (RT) with latency 1-10ms and IRT with latency <1ms. | Ethernet | 34962, 34963 (UDP), 34964 (TCP) |
| CAN bus | Communication protocol for microcontroller-based systems in automotive and industrial applications. | Serial | NA (non IP-based) |
| HART | Protocol used for communication between smart instruments and control systems | Serial | NA (non IP-based) |
| J1939 | Protocol used in heavy-duty vehicles for communication between microcontrollers | Serial | N/A (non IP-based) |
| Meter-Bus | Protocol used for communication between utility meters and data collection devices | Serial and Ethernet (TCP) | 10001 (TCP) |
| NMEA 0183 | Communication protocol for marine electronics, such as GPS devices. | Serial | N/A (non IP-based) |
| ISO-TSAP (Transport Service Access Point) | A protocol used for communication between systems using the OSI model. ISO-TSAP provides a layer of abstraction between the application layer and the lower layers, allowing different application-layer protocols to be used with different lower-layer protocols. ISO-TSAP is used as the transport layer for S7Comm and ICCP. | Ethernet (TCP) | TCP: 102, 104 |
| S7Comm | Communication protocol for Siemens S7 PLCs (Programmable Logic Controllers) based on ISO-TSAP. | Ethernet | 102 (TCP), 161 (UDP) |
| ICCP (Inter-Control Center Communications Protocol) | A protocol used for communication between control centers in electrical power grids. ICCP is based on the OSI model and includes multiple layers, including a transport layer based on TCP or TP4. | Ethernet | 102, 410 (TCP) |
| OPC (OLE for Process Control) | A set of standards for communication between devices in industrial automation systems, such as sensors, PLCs, and human-machine interfaces. OPC includes multiple protocols, including OPC DA (Data Access), OPC AE (Alarms and Events), and OPC UA (Unified Architecture). OPC UA is the latest and most secure version, supporting encryption and authentication. OPC uses various transport protocols, including ISO-TSAP, TCP, and HTTP. | Ethernet (TCP) | OPC DA: 135, 137, 138, 139, 445, 4840-4843; OPC AE: 135, 137, 138, 139, 445; OPC UA: 4840-4843 (TCP) |

Vendor specific Protocols

| Protocol | Vendor | Description | Port Number |
|---|---|---|---|
| ADS | Beckhoff Automation | Protocol used for communication between industrial automation systems and devices | 48898 |
| CC-Link IE | Mitsubishi Electric | Protocol used for communication between industrial devices and enterprise networks | 304 |
| CIP | Rockwell Automation | Protocol used for communication between industrial automation systems and devices | 44818 |
| CODESYS | 3S-Smart Software Solutions | Protocol used for communication between industrial automation systems and devices | 2455, 2456 |
| ControlNet | Rockwell Automation | Protocol used for communication between industrial control devices, including programmable logic controllers (PLCs) | 2222 |
| EtherCAT | Beckhoff Automation | Protocol used for communication between industrial automation systems and devices | 34962 |
| EtherNet/IP | Rockwell Automation | Protocol used for communication between industrial devices and enterprise networks | 44818 |
| PROFIBUS | Siemens | Protocol used for communication between industrial automation systems and field devices | 102, 161 |
| Profinet | Siemens | Protocol used for communication between industrial automation systems and field devices | 34962, 18534 |

Data Historian Specific Protocols

| Protocol | Description | Port Number |
|---|---|---|
| OPC | Commonly used in industrial automation to allow devices and systems to communicate with each other using a standard interface | TCP 135 and dynamic ports |
| SQL | Standard language used to manage relational databases, commonly used in data historians to query and store historical data | TCP 1433 or other port configured by the SQL server |
| ODBC | Standard interface used to access various types of databases, including SQL-based databases | N/A (uses TCP/IP and dynamic ports) |
| JDBC | Java-based interface used to access various types of databases, including SQL-based databases | N/A (uses TCP/IP and dynamic ports) |
| Modbus | Serial communications protocol commonly used in industrial automation and data acquisition systems to transmit signals from instrumentation and control devices | TCP 502 or other port configured by the Modbus server |
| DNP3 | Protocol used in the utility industry to communicate between different types of equipment, including data historians | TCP 20000 or other port configured by the DNP3 server |

Database Protocols used in ICS

| Database Protocol | Default Port |
|---|---|
| Microsoft SQL Server | 1433 |
| Oracle Database | 1521 |
| MySQL | 3306 |
| PostgreSQL | 5432 |
| Redis | 6379 |
| Cassandra | 9042 |

IT Protocols used in ICS

| Protocol | Super Short Description | Default Port Number |
|---|---|---|
| DHCP | Automatically assigns IP addresses to devices on a network | 67, 68 |
| DHCP | Dynamic Host Configuration Protocol - Used to assign IP addresses and other network configuration information to devices on a network. | UDP 67, 68 |
| DNS | Translates domain names to IP addresses | 53 |
| FTP | File transfer protocol | 21 |
| HTTP | Web browsing protocol | 80 |
| HTTPS | Secure web browsing protocol | 443 |
| ICMP | Diagnostic protocol, also known as ping | N/A |
| IEEE 1588 | Precise time synchronization protocol used in industrial automation systems and process control | N/A (not IP-based) |
| IMAP | Receives email over the network | 143 |
| JDBC | Protocol used for accessing databases, similar to ODBC but for Java-based applications | N/A |
| Kerberos | Secure authentication protocol | 88 |
| LDAP | Accesses and maintains distributed directory information services | 389 |
| LLDP | Link Layer Discovery Protocol - Used to advertise and discover network devices and their capabilities. | Ethernet |
| LLMNR | Link-Local Multicast Name Resolution - Used for name resolution on local networks when DNS is not available. | UDP 5355 |
| NTP | Synchronizes clocks between devices | 123 |
| ODBC | Protocol used for accessing databases | N/A |
| OPC UA | Protocol used for communication between industrial automation systems and enterprise systems, including for data acquisition and database synchronization | 4840 |
| POP3 | Receives email over the network | 110 |
| PTP | Precise time synchronization protocol used in industrial automation systems and process control | N/A (not IP-based) |
| RDP | Remote desktop access protocol | 3389 |
| SFTP | Secure file transfer protocol | 22 |
| SMB | File and printer sharing protocol | 139, 445 |
| SMTP | Sends email over the network | 25 |
| SNMP | Simple Network Management Protocol - Used to manage and monitor network devices, including routers, switches, and servers. | UDP 161, 162 |
| SNTP | Protocol used for time synchronization in networked environments | 123 |
| SSH | Secure remote access protocol | 22 |
| SSL/TLS | Secure communication protocol used for encrypting data transmitted via HTTP, SMTP, FTP, and other protocols | N/A |
| TCP/IP | Network communication protocol | N/A |
