PCAP Player

OT Security enables you to upload a PCAP (Packet Capture) file containing recorded network activity and “play” it on OT Security. When you “play” a PCAP file, OT Security monitors the network traffic and records all information about detected assets, network activity, and vulnerabilities as if the traffic occurred within your network. You can use this feature for simulation purposes or in order to analyze traffic that occurs outside of the network that OT Security monitors. For example, remote plants.

Note:PCAP Player supports these file types: .pcap, .pcapng, .pcap.gz, .pcapng.gz. You can use files that are recorded by an instance of OT Security or other network monitoring tools.

Upload a PCAP File

To upload a PCAP file:

  1. In the Data Collection > Data Sources page, click the PCAP Player tab.

    The PCAP Player page appears.

  2. Click Upload PCAP File.

    The File Explorer opens.

  3. Select the required PCAP recording.

  4. Click Open.

    OT Security uploads the PCAP file to the system.

Play a PCAP File

To play a PCAP file:

  1. In the Data Collection > Data Sources page, click the PCAP Player tab.

    The PCAP Player page appears.

  2. Select the PCAP recording you want to play.

  3. Click Actions > Play.

    The Play PCAP wizard appears.

  4. In the Play Speed drop-down box, select the speed at which you want the system to play the file.

    Options are: 1X, 2X, 4X, 8X or 16X.

    Note: Playing a PCAP file injects data into the system, you cannot undo or stop this operation once it runs.

  5. Click Play.

    The system plays the PCAP file. All network activity in the PCAP file is registered in the system and assets identified by the system are added to the assets inventory.

    Note: You cannot play another PCAP file while a file is still playing.