Resilient. Secure. Compliant. NERC CIP and ICS/OT Security. We keep you ahead of your adversaries - and your auditors.

 ICS PCAP Analysis Challenge


Test Your OT Network Skills


Put Your Industrial Cyber Skills to the Test

Step into the role of an ICS threat analyst with the ICS PCAP Analysis Challenge, a self-paced, online experience designed to sharpen your OT-focused packet analysis and threat hunting skills. Participants work through a curated packet capture (PCAP) file from a simulated industrial network, complete with common ICS protocols, misconfigurations, and attacker tradecraft.

This isn’t a quiz. It’s a hands-on, real-world challenge crafted by industrial cybersecurity professionals to test your ability to recognize what’s normal, detect what’s not, and think like a defender.

What You’ll Do

  • Analyze raw network traffic from a simulated ICS environment

  • Identify anomalies, suspicious behaviors, and indicators of compromise

  • Recognize protocol-specific nuances across Modbus, DNP3, Ethernet/IP, and others

  • Document findings through a guided challenge workbook

  • Submit your answers to receive a completion badge and optional walkthrough debrief

What You’ll Get

  • Access to the full PCAP file and a scenario brief

  • Challenge workbook to guide your analysis

  • Optional video debrief or written walkthrough

  • Completion badge and digital certificate (3 hours CPE)

  • Inclusion on our Challenge Leaderboard (opt-in)

  • Bonus: Follow-on challenge scenarios (coming soon)

Who Should Participate

This challenge is designed for:

  • OT security analysts and blue teamers looking to strengthen protocol analysis skills

  • Red team members exploring how industrial environments respond to abuse or scanning

  • SOC analysts and incident responders working in or transitioning to critical infrastructure

  • Students and professionals looking to gain practical ICS cybersecurity experience

Requirements

  • Entry-level familiarity with Wireshark or equivalent packet analysis tools

  • Interest in navigating PCAP files and interpreting protocol behavior

  • Wireshark

  • NetworkMiner

Access & Format

  • Delivery: 100% online, self-paced

  • FREE (no cost)

  • Time Estimate: 2–3 hours

  • Prerequisites: None (but some packet analysis experience is helpful)

 

Challenge Courses

Ready to Analyze? Put your skills to the test and see how well you know your ICS protocols.

DNP3 PCAP Analysis Challenge

In this challenge, you’ll investigate a set of network packets using the Distributed Network Protocol (DNP3) — a protocol widely used in electric utilities and SCADA systems for communication between control centers, substations, and field devices. Your mission is to uncover insights from the traffic using Wireshark and your analytical skills — no specialized plugins or dissectors required.

 

CIP PCAP Analysis Challenge (Intermediate)

In this challenge, you’ll explore a set of network packets related to CIP (Common Industrial Protocol), often used in industrial systems like PLCs. Your task is to find answers using Wireshark and your detective skills — no custom tools or dissectors provided.

 

Modbus TCP PCAP Analysis Challenge (Intermediate)

In this challenge, you’ll examine a real-world packet capture of Modbus TCP, a widely used industrial protocol for communication between SCADA masters and field devices (such as RTUs, PLCs, or sensors). Your goal is to detect signs of suspicious behavior, particularly evidence of Man-in-the-Middle (MitM) activity, replay attacks, and unauthorized data manipulation.
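As an added illustration of the kind of check the Modbus TCP challenge calls for (not part of the challenge materials or this page's own code), the script below parses Modbus/TCP request frames from constructed sample data and flags two of the behaviors mentioned above: an exact replay of an earlier write request, and a write request from a source that is not an authorized master. The source addresses, register numbers and the `authorized_masters` set are assumptions made up for the example.

```python
import struct

# Constructed sample Modbus/TCP request ADUs, hex-encoded: MBAP header
# (transaction id 2B, protocol id 2B, length 2B, unit id 1B) followed by the PDU.
SAMPLE_REQUESTS = [
    ("10.0.0.10", "000100000006010300000002"),  # txid 1, FC 3 read holding regs 0-1
    ("10.0.0.10", "000200000006010300000002"),  # txid 2, FC 3 read holding regs 0-1
    ("10.0.0.10", "000300000006010600100001"),  # txid 3, FC 6 write reg 0x10 := 1
    ("10.0.0.10", "000300000006010600100001"),  # txid 3 again: byte-for-byte replay
    ("10.0.0.99", "000400000006010600100000"),  # unknown host writes reg 0x10 := 0
]

# Function codes that change state on the field device (assumed watch-list).
WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}

def parse_adu(hex_adu):
    """Split one Modbus/TCP ADU into its MBAP fields and PDU, validating the header."""
    raw = bytes.fromhex(hex_adu)
    txid, proto, length, unit = struct.unpack(">HHHB", raw[:7])
    pdu = raw[7:]
    # Protocol id is always 0 for Modbus; length counts unit id + PDU bytes.
    if proto != 0 or length != len(pdu) + 1:
        raise ValueError("malformed MBAP header")
    return {"txid": txid, "unit": unit, "fc": pdu[0], "data": pdu[1:]}

def analyze(requests, authorized_masters):
    """Return (finding, source, detail) tuples for replayed or unauthorized writes."""
    findings = []
    seen = set()
    for src, hex_adu in requests:
        adu = parse_adu(hex_adu)
        # A master normally increments the transaction id; an identical
        # (source, txid, function, payload) tuple is a strong replay signal.
        key = (src, adu["txid"], adu["fc"], adu["data"])
        if key in seen:
            findings.append(("replay", src, adu["txid"]))
        seen.add(key)
        # Writes should only come from known masters; anything else is suspect.
        if adu["fc"] in WRITE_FUNCTIONS and src not in authorized_masters:
            findings.append(("unauthorized_write", src, adu["fc"]))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_REQUESTS, {"10.0.0.10"}):
        print(finding)
```

On a real capture you would feed the same logic with frames exported from Wireshark (filter `mbtcp`) and also correlate each request with its response, since a MitM that rewrites values in flight shows up as a mismatch between the two directions rather than in the requests alone.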

 

Zigbee PCAP Analysis Challenge

In this challenge, you’ll investigate a real-world packet capture from a Zigbee-based home automation system (Control4). Zigbee is a low-power wireless mesh protocol designed for IoT and automation — with a layered architecture involving Network (NWK), Application Support (APS), and Zigbee Cluster Library (ZCL) layers.