SCADA & Industrial Control Systems Analysis & Troubleshooting

Price: € T.B.A.
Format: Classroom, Virtual / In-house
Amsterdam / In-House / Virtual
T.B.A. 2025
8:30 - 16:30
duration: 5 days
5-12 class size
English

This course is for Networking, Engineering, and Security personnel who need to develop a set of packet investigation techniques through study of the Industrial Control Systems and SCADA networking Protocols (IEC 60870, IEC 60870-5, IEC 60870-6 standard protocols: BACNET, CODESYS, DNP3, EIP, Ethercat, Modbus, Point Protocol, S7, HART IP, and ISO Protocol) using Wireshark and other Open-Source Analysis tools. 

The technologies of Industrial Control Systems and SCADA architecture comprise many of the critical components of the worldwide critical infrastructure. Effective analysis and troubleshooting of such advanced technologies encompasses not only the skill of capturing data, but also the ability to discern unusual patterns hidden within seemingly normal network traffic. This course will provide the student with a set of investigative and analysis techniques focusing on the use of vendor-neutral, Open-Source Tools such as Wireshark to provide insight into the following areas:

– Specialized configuration and advanced traffic capture tips

– Recognition, analysis and threat recognition for many of the Industrial Control Systems currently in use in sectors such as energy production, water, food and transportation technologies, including IEC 60870, IEC 60870-5, IEC 60870-6 standard protocols: BACNET, CODESYS, DNP3, EIP, Ethercat, Modbus, Point Protocol, S7, HART IP, and ISO Protocol Stacks

– Specialized ICS Analysis techniques including data traffic reconstruction and viewing techniques.

Real-World examples will be utilized throughout the course in conjunction with numerous hands-on exercises to provide field-proven, practical analysis skills. Attendees will receive a student guide including numerous reference files and networking and forensics tools, as well as a library of reference documents.

This course is designed for Networking, Engineering and Security personnel who need to develop a set of packet investigation techniques through study of the Industrial Control Systems and SCADA networking Protocols using Wireshark and other Open-Source Analysis tools. Successful completion of this course will provide these individuals with a pathway into the fields of both Network and Forensics Analysis.

Introduction to Advanced Network Analysis
Logistics
Network analysis challenges – Nomenclature, Terminology and the Next Generation Protocols

Collecting the Data – Data Capture
Recap – Data Collection
Configuring Wireshark 2.0
New features to enhance capture – USBPcap / Androiddump
Using capture filters to capture specific suspect traffic
Stealth / Silent Collection of Data – Tips & Techniques
WiFi Device Analysis using AirPcap Control Panel
New Wireless Toolbar and WiFi features – WEP / WPA / WPA2 Decryption
Bluetooth capture features
Location – How Network Infrastructure Devices Affect Network Analysis
Hubs, Switches, Bridges, Routers, Firewalls and CSU / DSU

Industrial Control Systems Architecture & Components
Architecture
Supervisory Control and Data Acquisition (SCADA)
Digital Control System (DCS)
Non-Centralized Systems (NCS)
Components
General-purpose computers
Programmable Logic Controller (PLC)
Remote Telemetry (or Terminal) Units (RTUs)
Special purpose systems
Smart sensors and actuators

 

Analysis of Network Applications and User Traffic
Key ICS / SCADA Protocols
What’s Normal vs. Abnormal – The Role of Control System Baseline Files
Color Rules
Filtering & Pattern recognition
Building a Baseline Library – Where Do I go to Find Samples?

IEC 60870, IEC 60870-5, IEC 60870-6 standard protocols
ICS / SCADA Protocol Stacks
How do the standard TCP / IP Protocols fit in?
BACNET
CODESYS
DNP3
EIP
Ethercat
Modbus
Point Protocol
S7
HART IP
ISO Protocol Stacks

 

Network Analysis Methodology
Analyzing the Network Communication Architecture
Analyzing Conversations and Activities
Analyzing Conversations and Activities Using Expert Systems to Determine Unusual Activity
Determining Which Conversations Are Suspect – Analyzing Latency and Throughput to recognize and analyze suspicious user traffic
A Sample Advanced Network Analysis Methodology
6 Steps for practical ICS / SCADA Network Analysis
Answering the key questions
A Sample Network Analysis Methodology
Diagramming Conversations – A Picture is worth 1024 Words
Related Packet and Intelligent Scrollbar features

 

Security Concerns in the ICS / SCADA Environment – When Things go Wrong
Exploiting the Target & Exploits
Drive-by-Downloads
Ransomware, Crimeware and Malware – Worms & Viruses
Fake Logins & Password Hijacks
Overflows
Internet-Based Exploits
Attacks
Bots, Botnets, Bot Herders
Denial of Service (DoS / DDoS)

Student quotes

"It's sure the most interesting course that I have followed"

- Karin van der Plas

Course: TCP/IP Analysis and Troubleshooting with Wireshark

"It was a very very very interesting course, and done by the top guy"

- Matthew Steenwijk

Course: VoIP Network Analysis

"It was a real pleasure to receive the Wireshark training from a very dedicated trainer"

- Wim de Vries

Course: Voice & Video over IP Network Analysis Using Wireshark

"I thought I already knew Wireshark. I was wrong, very wrong"

- Jeroen Valkonet

Course: TCP/IP Analysis and Troubleshooting with Wireshark

"This course is a must have for everyone in IT"

- Johan den Besten

Course: TCP/IP Analysis and Troubleshooting with Wireshark

"Great for network analyses or forensic investigations"

- Sven Schneider

Course: Masterclass – Advanced Network & Intro to Security Analysis

"By far the very best course I ever took"

- Joachim van Doeselaar

Course: TCP/IP Analysis and Troubleshooting with Wireshark

"If there’s a packet, it can be WireSharked!!"

- Elena Petrova

Course: WiFi & Wireless Network Analysis Using Wireshark

"Extremely satisfied with the training. Very helpful instructor and great teaching methods"

- Lars Mikkelsen

Course: Masterclass – Advanced Network & Intro to Security Analysis

A course only takes place if there is sufficient participation.