Posted to dev@plc4x.apache.org by Christofer Dutz <ch...@c-ware.de> on 2020/10/02 07:59:05 UTC

Some interesting sources for PCAP captures

Hi all,

I just thought it would be cool if we could start building some test suite that fetches known sources of pcap files and then simply replays them against our drivers.
This way we should be able to harden our drivers against the stuff that’s out there in the wild.

Here’s a list of some sources:
http://kargs.net/captures/ (Mostly BACnet/IP stuff)
https://github.com/automayt/ICS-pcap
https://www.netresec.com/?page=PcapFiles (Probably we shouldn’t implement drivers for trojans … but contains further lists of repos with captures ;-) )


What do you think?

Chris
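
Added example (not part of the original post and not PLC4X code): one way to build the replay harness proposed above, in Python. It reads a classic pcap file, extracts the UDP payloads sent to one port, and feeds each to a parser. The `parse` callable is a hypothetical stand-in for a driver's message parser, and treating ValueError as the parser's clean rejection is an assumption of this example.

```python
import struct

# pcap magic bytes -> struct byte order (second pair: nanosecond timestamps)
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
         b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def frames(pcap):
    """Yield link-layer frames from a classic (non-pcapng) Ethernet capture."""
    order = MAGIC.get(pcap[:4])
    if order is None or len(pcap) < 24 or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic pcap file with LINKTYPE_ETHERNET")
    pos = 24
    while pos + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[pos + 8:pos + 12])[0]
        pos += 16
        if pos + incl > len(pcap):  # truncated final record: stop, do not guess
            return
        yield pcap[pos:pos + incl]
        pos += incl

def udp_payload(frame):
    """Return (dst_port, payload) for an untagged IPv4/UDP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None
    udp = 14 + (frame[14] & 0x0F) * 4  # IPv4 header length comes from the IHL field
    if udp < 34 or len(frame) < udp + 8:
        return None
    dport, length = struct.unpack("!HH", frame[udp + 2:udp + 6])
    return (dport, frame[udp + 8:udp + length]) if length >= 8 else None

def replay(pcap, port, parse):
    """ValueError from parse is a clean rejection; any other exception is a finding."""
    out = {"parsed": 0, "rejected": 0, "crashes": []}
    for i, frame in enumerate(frames(pcap)):
        hit = udp_payload(frame)
        if hit is None or hit[0] != port:
            continue
        try:
            parse(hit[1])
            out["parsed"] += 1
        except ValueError:
            out["rejected"] += 1
        except Exception as exc:  # e.g. IndexError or struct.error on a short message
            out["crashes"].append((i, type(exc).__name__))
    return out
```

For BACnet/IP captures the port would be 47808 (UDP 0xBAC0). Crashes are reported as (frame index, exception name) so the offending frame can be located again in the capture.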


Re: Some interesting sources for PCAP captures

Posted by Łukasz Dywicki <lu...@code-house.org>.
I will additionally add this:
https://github.com/dnp3/dnp3.github.io/tree/master/conformance

This directory contains DNP3 dumps. We currently have no support for it,
but it seems to be enhanced Modbus. Quite popular in the energy/utilities
sector. :-)

Best,
Łukasz

On 02.10.2020 09:59, Christofer Dutz wrote:
> Hi all,
> 
> I just thought it would be cool if we could start building some test suite that fetches known sources of pcap files and then simply replays them against our drivers.
> This way we should be able to harden our drivers against the stuff that’s out there in the wild.
> 
> Here’s a list of some sources:
> http://kargs.net/captures/ (Mostly BACnet/IP stuff)
> https://github.com/automayt/ICS-pcap
> https://www.netresec.com/?page=PcapFiles (Probably we shouldn’t implement drivers for trojans … but contains further lists of repos with captures ;-) )
> 
> 
> What do you think?
> 
> Chris
>