Assessing and Exploiting
Control Network Captures

Module Outline:

  • Examples when to use

  • Overview of methodology

  • Traffic Capture

    • Hardware and software to use

    • Suggested configurations

  • Endpoint and Flow Analysis

    • Common TCP/IP based ICS protocols

    • Exercise: Using Wireshark for endpoint and flow analysis

    • Exercise: Using GrassMarlin

  • Known Protocol Analysis

    • Deepdive into Modbus TCP

    • Exercise: Analysing Modbus TCP captures

    • Exercise: Using zeek with Modbus TCP

    • Exercise: Using strings on control protocols

    • Overview of ProfiNet, EnternetIP/CIP, OPC, DNP3, IEC 104, IEC 61850, ICCP

  • Unknown Protocol Analysis

    • Exercise: Finding unknown protocols with Wireshark

    • Exercise: Entropy analysis of network payloads

    • Exercise: Using GrassMarlin on unknown protocols

  • Gap Analysis with Security Architecture Review


  • ControlThings Platform Virtual Machine


  • None