SlideShare a Scribd company logo

You name it, we analyze it

Download as PPTX, PDF
Jim Gilsinn
Jim Gilsinn

With the ever increasing number of networking protocols, it can be difficult for vendors, integrators, and end-users to determine how well different products and systems perform in real-world networking situations. Each protocol has their own method of defining traffic streams and message structures. Packet analyzers, like Wireshark, have been developed to interpret individual network packets and can perform rudimentary analysis of traffic streams for well-known packet types. Analyzing industrial protocols usually requires much more massaging of the data and in many cases requires a user to do much of the work by hand. This session will present a method to break-down industrial traffic streams into the core components necessary to analyze their performance. By identifying a few key fields in each protocol, a user can define their own method to identify individual traffic streams and analyze their performance.

Technology
1 of 12
You Name It, We Analyze It! Jim Gilsinn Kenexis Consulting Corporation You Name It, We Analyze It! 1
Industrial Network Types & Metrics: Publish/Subscribe • Publish/subscribe or peer-to-peer communications • Main performance metric: Cyclic frequency variability/jitter • Real-time EtherNet/IP™ uses publish/subscribe • Requested/Accepted Packet Interval (RPI/API) • Measured Packet Interval (MPI) You Name It, We Analyze It! 2
Industrial Network Types & Metrics: Publish/Subscribe Subscriber TSub_Com_Init Publisher TPub_Com_Init TPub_1 TPub_2 TSub_M . . . • Difference between TPub_Com_Init & TSub_Com_Init is network roundtrip delay • TPub_Com_Init, TSub_Com_Init not important • Variability in TPub much more important • Theoretically, TPub doesn’t need to match Tsub TPub_N-1 TPub_N You Name It, We Analyze It! • In production systems, they are the same 3
Performance Testing Methodology: Performance Metrics • Command/response or master/slave communications • Main performance metric: Latency • Large numbers of protocols use this • Most (All?) PC-based server/client protocols – HTTP(S), (S)FTP, etc. • Most industrial protocols – Modbus/TCP, Profinet, Ethercat, etc. You Name It, We Analyze It! 4
Industrial Network Types & Metrics: Command/Response Commander TCom_Delay_1 Responder TRes_1 • Difference between TCom_Delay & TRes is network roundtrip delay • Latency in TCom & TRes important TCom_1 TCom_Delay_2 TRes_2 TCom_2 You Name It, We Analyze It! 5
Isolating Traffic Streams • Isolating traffic streams can be tricky • 10’s – 100’s of traffic streams in production environment • Your Wireshark Fu must be strong! • Usually requires additional post-processing • Multiple streams can exist between same devices You Name It, We Analyze It! 6
Isolating Traffic Streams • Traffic pairs • • • • Source IP/MAC address Destination IP/MAC address Source TCP/UDP port Destination TCP/UDP port • Publish/Subscribe • Communication stream ID • Sequence number (optional) • Command/Response • Command message/field • Response message/field • Message ID (optional) You Name It, We Analyze It! 7
Test Time vs. Packet Interval Measured Packet Interval (ms) ~62 sec test Mean MPI = 2ms Min ~ 1.2 Max ~ 2.9 Test Time (s) You Name It, We Analyze It! 8
Time Plot for Command/Response Regular Pattern to Delayed Packets Regular Pattern of Minimal Delayed Packets You Name It, We Analyze It! 9
Command/Response Timing Plots • Quick succession of command/response packets • Minimal delay in command/response sequence • Apparently large delay in a single packet • Example: Rockwell tag reads Delay Until Next Time Sequence Quick Succession Read Commands You Name It, We Analyze It! 10
Next Steps • Streamline traffic stream processing • Develop better command/response code • Build more mathematical statistical models • Add graphical modeling of time & frequency domain • Add more industrial protocols and obtain example files • • • • • Modbus Profinet DNP3 61850 And others… You Name It, We Analyze It! 11
Questions • Contact Me • • • • • • Jim Gilsinn 301-706-9985 or 614-323-2254 jim.gilsinn@kenexis.com Twitter – @JimGilsinn LinkedIn – http://www.linkedin.com/in/jimgilsinn/ SlideShare – http://www.slideshare.net/gilsinnj You Name It, We Analyze It! 12

Recommended

ICS Performance Lab
ICS Performance LabICS Performance Lab
ICS Performance LabJim Gilsinn
 
Network Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksNetwork Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksJim Gilsinn
 
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Sailaja Tennati
 
Spirent Accelerating SDN and NFV Deployments
Spirent Accelerating SDN and NFV DeploymentsSpirent Accelerating SDN and NFV Deployments
Spirent Accelerating SDN and NFV DeploymentsSailaja Tennati
 
Chapter12
Chapter12Chapter12
Chapter12Muhammad Ahad
 
Stinson post si and verification
Stinson post si and verificationStinson post si and verification
Stinson post si and verificationObsidian Software
 
Production Ready Microservices at Scale
Production Ready Microservices at ScaleProduction Ready Microservices at Scale
Production Ready Microservices at ScaleRajeev Bharshetty
 
Time Critical Networks
Time Critical NetworksTime Critical Networks
Time Critical NetworksLars Bröhne
 

Recommended

ICS Performance Lab
ICS Performance LabICS Performance Lab
ICS Performance LabJim Gilsinn
 
Network Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksNetwork Security: Protecting SOHO Networks
Network Security: Protecting SOHO NetworksJim Gilsinn
 
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Sailaja Tennati
 
Spirent Accelerating SDN and NFV Deployments
Spirent Accelerating SDN and NFV DeploymentsSpirent Accelerating SDN and NFV Deployments
Spirent Accelerating SDN and NFV DeploymentsSailaja Tennati
 
Chapter12
Chapter12Chapter12
Chapter12Muhammad Ahad
 
Stinson post si and verification
Stinson post si and verificationStinson post si and verification
Stinson post si and verificationObsidian Software
 
Production Ready Microservices at Scale
Production Ready Microservices at ScaleProduction Ready Microservices at Scale
Production Ready Microservices at ScaleRajeev Bharshetty
 
Time Critical Networks
Time Critical NetworksTime Critical Networks
Time Critical NetworksLars Bröhne
 
Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetPerforce
 
Free training on NCM - Discovery & Disaster recovery
Free training on NCM - Discovery & Disaster recovery Free training on NCM - Discovery & Disaster recovery
Free training on NCM - Discovery & Disaster recovery ManageEngine, Zoho Corporation
 
Validating Next Generation CPUs
Validating Next Generation CPUsValidating Next Generation CPUs
Validating Next Generation CPUsDVClub
 
Understanding Hacker Tools and Techniques: A live Demonstration
Understanding Hacker Tools and Techniques: A live Demonstration Understanding Hacker Tools and Techniques: A live Demonstration
Understanding Hacker Tools and Techniques: A live Demonstration EnergySec
 
Chapter08
Chapter08Chapter08
Chapter08Muhammad Ahad
 
Daniel Cross, Electronics Engineer
Daniel Cross, Electronics EngineerDaniel Cross, Electronics Engineer
Daniel Cross, Electronics EngineerDaniel Cross
 
HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseHIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseAdaCore
 
Network and server performance monitoring training
Network and server performance monitoring trainingNetwork and server performance monitoring training
Network and server performance monitoring trainingManageEngine, Zoho Corporation
 
Securing your telco cloud
Securing your telco cloud Securing your telco cloud
Securing your telco cloud OPNFV
 
Embedded Webinar #17 "Low-level Network Testing in Embedded Devices Development"
Embedded Webinar #17 "Low-level Network Testing in Embedded Devices Development"Embedded Webinar #17 "Low-level Network Testing in Embedded Devices Development"
Embedded Webinar #17 "Low-level Network Testing in Embedded Devices Development"GlobalLogic Ukraine
 
IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4Sailaja Tennati
 
sree profile
sree profilesree profile
sree profilesrihari p
 
Come See What’s Cooking in My Lab
Come See What’s Cooking in My LabCome See What’s Cooking in My Lab
Come See What’s Cooking in My LabEnergySec
 
The Cortex-A15 Verification Story
The Cortex-A15 Verification StoryThe Cortex-A15 Verification Story
The Cortex-A15 Verification StoryDVClub
 
Vp ns
Vp nsVp ns
Vp nsAyano Midakso
 
Securing NFV and SDN Integrated OpenStack Cloud: Challenges and Solutions
Securing NFV and SDN Integrated OpenStack Cloud: Challenges and SolutionsSecuring NFV and SDN Integrated OpenStack Cloud: Challenges and Solutions
Securing NFV and SDN Integrated OpenStack Cloud: Challenges and SolutionsTrinath Somanchi
 
Enterprise Network Monitoring Software by ServicePilot
Enterprise Network Monitoring Software by ServicePilotEnterprise Network Monitoring Software by ServicePilot
Enterprise Network Monitoring Software by ServicePilotServicePilot
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private NetworkGreater Noida Institute Of Technology
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentationguest85a34f
 
Software Defined Network - SDN
Software Defined Network - SDNSoftware Defined Network - SDN
Software Defined Network - SDNVenkata Naga Ravi
 
A Child Like Approach to Grid Cybersecurity
A Child Like Approach to Grid CybersecurityA Child Like Approach to Grid Cybersecurity
A Child Like Approach to Grid CybersecurityRobert M. Lee
 
Wireshark Network Protocol Analyzer
Wireshark Network Protocol AnalyzerWireshark Network Protocol Analyzer
Wireshark Network Protocol AnalyzerJim Gilsinn
 

More Related Content

What's hot

Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetPerforce
 
Validating Next Generation CPUs
Validating Next Generation CPUsValidating Next Generation CPUs
Validating Next Generation CPUsDVClub
 
Understanding Hacker Tools and Techniques: A live Demonstration
Understanding Hacker Tools and Techniques: A live Demonstration Understanding Hacker Tools and Techniques: A live Demonstration
Understanding Hacker Tools and Techniques: A live Demonstration EnergySec
 
Daniel Cross, Electronics Engineer
Daniel Cross, Electronics EngineerDaniel Cross, Electronics Engineer
Daniel Cross, Electronics EngineerDaniel Cross
 
HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseHIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseAdaCore
 
Securing your telco cloud
Securing your telco cloud Securing your telco cloud
Securing your telco cloud OPNFV
 
Embedded Webinar #17 "Low-level Network Testing in Embedded Devices Development"
Embedded Webinar #17 "Low-level Network Testing in Embedded Devices Development"Embedded Webinar #17 "Low-level Network Testing in Embedded Devices Development"
Embedded Webinar #17 "Low-level Network Testing in Embedded Devices Development"GlobalLogic Ukraine
 
IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4Sailaja Tennati
 
sree profile
sree profilesree profile
sree profilesrihari p
 
Come See What’s Cooking in My Lab
Come See What’s Cooking in My LabCome See What’s Cooking in My Lab
Come See What’s Cooking in My LabEnergySec
 
The Cortex-A15 Verification Story
The Cortex-A15 Verification StoryThe Cortex-A15 Verification Story
The Cortex-A15 Verification StoryDVClub
 
Securing NFV and SDN Integrated OpenStack Cloud: Challenges and Solutions
Securing NFV and SDN Integrated OpenStack Cloud: Challenges and SolutionsSecuring NFV and SDN Integrated OpenStack Cloud: Challenges and Solutions
Securing NFV and SDN Integrated OpenStack Cloud: Challenges and SolutionsTrinath Somanchi
 
Enterprise Network Monitoring Software by ServicePilot
Enterprise Network Monitoring Software by ServicePilotEnterprise Network Monitoring Software by ServicePilot
Enterprise Network Monitoring Software by ServicePilotServicePilot
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentationguest85a34f
 
Software Defined Network - SDN
Software Defined Network - SDNSoftware Defined Network - SDN
Software Defined Network - SDNVenkata Naga Ravi
 

What's hot (20)

Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and Interset
 
Free training on NCM - Discovery & Disaster recovery
Free training on NCM - Discovery & Disaster recovery Free training on NCM - Discovery & Disaster recovery
Free training on NCM - Discovery & Disaster recovery
 
Validating Next Generation CPUs
Validating Next Generation CPUsValidating Next Generation CPUs
Validating Next Generation CPUs
 
Understanding Hacker Tools and Techniques: A live Demonstration
Understanding Hacker Tools and Techniques: A live Demonstration Understanding Hacker Tools and Techniques: A live Demonstration
Understanding Hacker Tools and Techniques: A live Demonstration
 
Chapter08
Chapter08Chapter08
Chapter08
 
Daniel Cross, Electronics Engineer
Daniel Cross, Electronics EngineerDaniel Cross, Electronics Engineer
Daniel Cross, Electronics Engineer
 
HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the EnterpriseHIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
HIS 2015: Prof. Mark Little - Open Source Challenges in the Enterprise
 
Network and server performance monitoring training
Network and server performance monitoring trainingNetwork and server performance monitoring training
Network and server performance monitoring training
 
Securing your telco cloud
Securing your telco cloud Securing your telco cloud
Securing your telco cloud
 
Embedded Webinar #17 "Low-level Network Testing in Embedded Devices Development"
Embedded Webinar #17 "Low-level Network Testing in Embedded Devices Development"Embedded Webinar #17 "Low-level Network Testing in Embedded Devices Development"
Embedded Webinar #17 "Low-level Network Testing in Embedded Devices Development"
 
IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4
 
sree profile
sree profilesree profile
sree profile
 
Come See What’s Cooking in My Lab
Come See What’s Cooking in My LabCome See What’s Cooking in My Lab
Come See What’s Cooking in My Lab
 
The Cortex-A15 Verification Story
The Cortex-A15 Verification StoryThe Cortex-A15 Verification Story
The Cortex-A15 Verification Story
 
Vp ns
Vp nsVp ns
Vp ns
 
Securing NFV and SDN Integrated OpenStack Cloud: Challenges and Solutions
Securing NFV and SDN Integrated OpenStack Cloud: Challenges and SolutionsSecuring NFV and SDN Integrated OpenStack Cloud: Challenges and Solutions
Securing NFV and SDN Integrated OpenStack Cloud: Challenges and Solutions
 
Enterprise Network Monitoring Software by ServicePilot
Enterprise Network Monitoring Software by ServicePilotEnterprise Network Monitoring Software by ServicePilot
Enterprise Network Monitoring Software by ServicePilot
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
DHS ICS Security Presentation
DHS ICS Security PresentationDHS ICS Security Presentation
DHS ICS Security Presentation
 
Software Defined Network - SDN
Software Defined Network - SDNSoftware Defined Network - SDN
Software Defined Network - SDN
 

Viewers also liked

A Child Like Approach to Grid Cybersecurity
A Child Like Approach to Grid CybersecurityA Child Like Approach to Grid Cybersecurity
A Child Like Approach to Grid CybersecurityRobert M. Lee
 
Wireshark Network Protocol Analyzer
Wireshark Network Protocol AnalyzerWireshark Network Protocol Analyzer
Wireshark Network Protocol AnalyzerJim Gilsinn
 
The 4horsemen of ics secapocalypse
The 4horsemen of ics secapocalypseThe 4horsemen of ics secapocalypse
The 4horsemen of ics secapocalypseChristiaan Beek
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
 
Low-Cost ICS Network Performance Testing
Low-Cost ICS Network Performance TestingLow-Cost ICS Network Performance Testing
Low-Cost ICS Network Performance TestingJim Gilsinn
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsJim Gilsinn
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMJim Gilsinn
 
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...PECB
 
Cook Like a Hacker!
Cook Like a Hacker!Cook Like a Hacker!
Cook Like a Hacker!Jim Gilsinn
 
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Ahmed Al Enizi
 
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Jim Gilsinn
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSJim Gilsinn
 
Test Tool for Industrial Ethernet Network Performance (June 2009)
Test Tool for Industrial Ethernet Network Performance (June 2009)Test Tool for Industrial Ethernet Network Performance (June 2009)
Test Tool for Industrial Ethernet Network Performance (June 2009)Jim Gilsinn
 
Network Packet Analysis with Wireshark
Network Packet Analysis with WiresharkNetwork Packet Analysis with Wireshark
Network Packet Analysis with WiresharkJim Gilsinn
 

Viewers also liked (16)

A Child Like Approach to Grid Cybersecurity
A Child Like Approach to Grid CybersecurityA Child Like Approach to Grid Cybersecurity
A Child Like Approach to Grid Cybersecurity
 
Wireshark Network Protocol Analyzer
Wireshark Network Protocol AnalyzerWireshark Network Protocol Analyzer
Wireshark Network Protocol Analyzer
 
The 4horsemen of ics secapocalypse
The 4horsemen of ics secapocalypseThe 4horsemen of ics secapocalypse
The 4horsemen of ics secapocalypse
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and Production
 
Low-Cost ICS Network Performance Testing
Low-Cost ICS Network Performance TestingLow-Cost ICS Network Performance Testing
Low-Cost ICS Network Performance Testing
 
Integrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of StandardsIntegrating the Alphabet Soup of Standards
Integrating the Alphabet Soup of Standards
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
 
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
Vulnerability Assessment and Penetration Testing in online SCADA ICS Environm...
 
Cook Like a Hacker!
Cook Like a Hacker!Cook Like a Hacker!
Cook Like a Hacker!
 
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
 
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICS
 
Test Tool for Industrial Ethernet Network Performance (June 2009)
Test Tool for Industrial Ethernet Network Performance (June 2009)Test Tool for Industrial Ethernet Network Performance (June 2009)
Test Tool for Industrial Ethernet Network Performance (June 2009)
 
Network Packet Analysis with Wireshark
Network Packet Analysis with WiresharkNetwork Packet Analysis with Wireshark
Network Packet Analysis with Wireshark
 

Similar to You name it, we analyze it

S4x14 Session: You Name It; We Analyze It
S4x14 Session: You Name It; We Analyze ItS4x14 Session: You Name It; We Analyze It
S4x14 Session: You Name It; We Analyze ItDigital Bond
 
Comparison of mqtt and coap protocol
Comparison of mqtt and coap protocolComparison of mqtt and coap protocol
Comparison of mqtt and coap protocolYUSUF HUMAYUN
 
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...Alexandre Moneger
 
IP Signal Distribution
IP Signal DistributionIP Signal Distribution
IP Signal DistributionrAVe [PUBS]
 
Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020
Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020
Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020Redis Labs
 
Extent3 turquoise equity_trading_2012
Extent3 turquoise equity_trading_2012Extent3 turquoise equity_trading_2012
Extent3 turquoise equity_trading_2012extentconf Tsoy
 
The art of system and solution testing
The art of system and solution testingThe art of system and solution testing
The art of system and solution testinggaoliang641
 
Internet Protocol.pdf
Internet Protocol.pdfInternet Protocol.pdf
Internet Protocol.pdfBIT DURG
 
IEC 60870-5 101 Protocol Server Simulator User manual
IEC 60870-5 101 Protocol Server Simulator User manualIEC 60870-5 101 Protocol Server Simulator User manual
IEC 60870-5 101 Protocol Server Simulator User manualFreyrSCADA Embedded Solution
 
Network protocols
Network protocolsNetwork protocols
Network protocolsAbiud Orina
 
Resource Management in (Embedded) Real-Time Systems
Resource Management in (Embedded) Real-Time SystemsResource Management in (Embedded) Real-Time Systems
Resource Management in (Embedded) Real-Time Systemsjeronimored
 
What’s eating python performance
What’s eating python performanceWhat’s eating python performance
What’s eating python performancePiotr Przymus
 
The 1990s Called. They Want Their Code Back.
The 1990s Called. They Want Their Code Back.The 1990s Called. They Want Their Code Back.
The 1990s Called. They Want Their Code Back.Jonathan Oliver
 
Dependable Systems - Hardware Dependability with Redundancy (14/16)
Dependable Systems - Hardware Dependability with Redundancy (14/16)Dependable Systems - Hardware Dependability with Redundancy (14/16)
Dependable Systems - Hardware Dependability with Redundancy (14/16)Peter Tröger
 
Continuous Performance Testing
Continuous Performance TestingContinuous Performance Testing
Continuous Performance TestingC4Media
 
Move Message Passing Interface Applications to the Next Level
Move Message Passing Interface Applications to the Next LevelMove Message Passing Interface Applications to the Next Level
Move Message Passing Interface Applications to the Next LevelIntel® Software
 
Latency SLOs Done Right
Latency SLOs Done RightLatency SLOs Done Right
Latency SLOs Done RightFred Moyer
 
Fdp embedded systems
Fdp embedded systemsFdp embedded systems
Fdp embedded systemsKavya G
 

Similar to You name it, we analyze it (20)

S4x14 Session: You Name It; We Analyze It
S4x14 Session: You Name It; We Analyze ItS4x14 Session: You Name It; We Analyze It
S4x14 Session: You Name It; We Analyze It
 
Comparison of mqtt and coap protocol
Comparison of mqtt and coap protocolComparison of mqtt and coap protocol
Comparison of mqtt and coap protocol
 
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...
 
IP Signal Distribution
IP Signal DistributionIP Signal Distribution
IP Signal Distribution
 
Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020
Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020
Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020
 
Extent3 turquoise equity_trading_2012
Extent3 turquoise equity_trading_2012Extent3 turquoise equity_trading_2012
Extent3 turquoise equity_trading_2012
 
techniques.ppt
techniques.ppttechniques.ppt
techniques.ppt
 
The art of system and solution testing
The art of system and solution testingThe art of system and solution testing
The art of system and solution testing
 
Internet Protocol.pdf
Internet Protocol.pdfInternet Protocol.pdf
Internet Protocol.pdf
 
IEC 60870-5 101 Protocol Server Simulator User manual
IEC 60870-5 101 Protocol Server Simulator User manualIEC 60870-5 101 Protocol Server Simulator User manual
IEC 60870-5 101 Protocol Server Simulator User manual
 
Network protocols
Network protocolsNetwork protocols
Network protocols
 
Resource Management in (Embedded) Real-Time Systems
Resource Management in (Embedded) Real-Time SystemsResource Management in (Embedded) Real-Time Systems
Resource Management in (Embedded) Real-Time Systems
 
What’s eating python performance
What’s eating python performanceWhat’s eating python performance
What’s eating python performance
 
The 1990s Called. They Want Their Code Back.
The 1990s Called. They Want Their Code Back.The 1990s Called. They Want Their Code Back.
The 1990s Called. They Want Their Code Back.
 
Dependable Systems - Hardware Dependability with Redundancy (14/16)
Dependable Systems - Hardware Dependability with Redundancy (14/16)Dependable Systems - Hardware Dependability with Redundancy (14/16)
Dependable Systems - Hardware Dependability with Redundancy (14/16)
 
A new perspective on Network Visibility - RISK 2015
A new perspective on Network Visibility - RISK 2015A new perspective on Network Visibility - RISK 2015
A new perspective on Network Visibility - RISK 2015
 
Continuous Performance Testing
Continuous Performance TestingContinuous Performance Testing
Continuous Performance Testing
 
Move Message Passing Interface Applications to the Next Level
Move Message Passing Interface Applications to the Next LevelMove Message Passing Interface Applications to the Next Level
Move Message Passing Interface Applications to the Next Level
 
Latency SLOs Done Right
Latency SLOs Done RightLatency SLOs Done Right
Latency SLOs Done Right
 
Fdp embedded systems
Fdp embedded systemsFdp embedded systems
Fdp embedded systems
 

Recently uploaded

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Recently uploaded (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

You name it, we analyze it

  • 1. You Name It, We Analyze It! Jim Gilsinn Kenexis Consulting Corporation You Name It, We Analyze It! 1
  • 2. Industrial Network Types & Metrics: Publish/Subscribe • Publish/subscribe or peer-to-peer communications • Main performance metric: Cyclic frequency variability/jitter • Real-time EtherNet/IP™ uses publish/subscribe • Requested/Accepted Packet Interval (RPI/API) • Measured Packet Interval (MPI) You Name It, We Analyze It! 2
  • 3. Industrial Network Types & Metrics: Publish/Subscribe Subscriber TSub_Com_Init Publisher TPub_Com_Init TPub_1 TPub_2 TSub_M . . . • Difference between TPub_Com_Init & TSub_Com_Init is network roundtrip delay • TPub_Com_Init, TSub_Com_Init not important • Variability in TPub much more important • Theoretically, TPub doesn’t need to match Tsub TPub_N-1 TPub_N You Name It, We Analyze It! • In production systems, they are the same 3
  • 4. Performance Testing Methodology: Performance Metrics • Command/response or master/slave communications • Main performance metric: Latency • Large numbers of protocols use this • Most (All?) PC-based server/client protocols – HTTP(S), (S)FTP, etc. • Most industrial protocols – Modbus/TCP, Profinet, Ethercat, etc. You Name It, We Analyze It! 4
  • 5. Industrial Network Types & Metrics: Command/Response Commander TCom_Delay_1 Responder TRes_1 • Difference between TCom_Delay & TRes is network roundtrip delay • Latency in TCom & TRes important TCom_1 TCom_Delay_2 TRes_2 TCom_2 You Name It, We Analyze It! 5
  • 6. Isolating Traffic Streams • Isolating traffic streams can be tricky • 10’s – 100’s of traffic streams in production environment • Your Wireshark Fu must be strong! • Usually requires additional post-processing • Multiple streams can exist between same devices You Name It, We Analyze It! 6
  • 7. Isolating Traffic Streams • Traffic pairs • • • • Source IP/MAC address Destination IP/MAC address Source TCP/UDP port Destination TCP/UDP port • Publish/Subscribe • Communication stream ID • Sequence number (optional) • Command/Response • Command message/field • Response message/field • Message ID (optional) You Name It, We Analyze It! 7
  • 8. Test Time vs. Packet Interval Measured Packet Interval (ms) ~62 sec test Mean MPI = 2ms Min ~ 1.2 Max ~ 2.9 Test Time (s) You Name It, We Analyze It! 8
  • 9. Time Plot for Command/Response Regular Pattern to Delayed Packets Regular Pattern of Minimal Delayed Packets You Name It, We Analyze It! 9
  • 10. Command/Response Timing Plots • Quick succession of command/response packets • Minimal delay in command/response sequence • Apparently large delay in a single packet • Example: Rockwell tag reads Delay Until Next Time Sequence Quick Succession Read Commands You Name It, We Analyze It! 10
  • 11. Next Steps • Streamline traffic stream processing • Develop better command/response code • Build more mathematical statistical models • Add graphical modeling of time & frequency domain • Add more industrial protocols and obtain example files • • • • • Modbus Profinet DNP3 61850 And others… You Name It, We Analyze It! 11
  • 12. Questions • Contact Me • • • • • • Jim Gilsinn 301-706-9985 or 614-323-2254 jim.gilsinn@kenexis.com Twitter – @JimGilsinn LinkedIn – http://www.linkedin.com/in/jimgilsinn/ SlideShare – http://www.slideshare.net/gilsinnj You Name It, We Analyze It! 12