SlideShare ist ein Scribd-Unternehmen logo

S4x14 Session: You Name It; We Analyze It

Digital Bond
Digital Bond

Jim Gilsinn and Bryan Singer of Kenexis Consulting Corporation had a quick 12-slide/15-minute session on analyzing ICS protocols. Good information on the what and why of pub/sub in these protocols, as well as some protocol plots showing some of the challenges of analyzing these protocols.

Technologie
1 von 12
Downloaden Sie, um offline zu lesen
You Name It, We Analyze It! Jim Gilsinn & Bryan Singer Kenexis Consulting Corporation You Name It, We Analyze It!
ndustrial Network Types & Metrics: Publish/Subscribe •  Publish/subscribe or peer-to-peer communications •  Main performance metric: Cyclic frequency variability/jitter •  Real-time EtherNet/IP uses publish/subscribe •  Requested/Accepted Packet Interval (RPI/API) •  Measured Packet Interval (MPI) You Name It, We Analyze It!
ndustrial Network Types & Metrics: Publish/Subscribe •  Difference between TPub_Com_Init & TSub_Com_In is network roundtrip dela •  TPub_Com_Init, TSub_Com_Init not important •  Variability in TPub much more important •  Theoretically, TPub does need to match Tsub •  In production systems, th are the same You Name It, We Analyze It! TPub_Com_Init Subscriber Publisher TPub_1 TPub_2 TPub_N-1 TPub_N Com_Init TSub_M . . .
Performance Testing Methodology: Performance Metrics •  Command/response or master/slave communications •  Main performance metric: Latency •  Large numbers of protocols use this •  Most (All?) PC-based server/client protocols – HTTP(S), (S)FTP, etc •  Most industrial protocols – Modbus/TCP, Profinet, Ethercat, etc. You Name It, We Analyze It!
ndustrial Network Types & Metrics: Command/Response •  Difference between TCom_Delay_# & TRes_# is network roundtrip delay •  Latency in TCom & TRes important You Name It, We Analyze It! TRes_1 Commander Responder TRes_2 Delay_1 TCom_1 TCom_2 Delay_2
solating Traffic Streams •  Isolating traffic streams can be tricky •  10’s – 100’s of traffic streams in production environment •  Your Wireshark Fu must be strong! •  Usually requires additional post-processing •  Multiple streams can exist between same devices You Name It, We Analyze It!
solating Traffic Streams •  Traffic pairs •  Source IP/MAC address •  Destination IP/MAC address •  Source TCP/UDP port •  Destination TCP/UDP port •  Publish/Subscribe •  Communication stream ID •  Sequence number (optional) •  Command/Response •  Command message/field •  Response message/field •  Message ID (optional) You Name It, We Analyze It!
Test Time vs. Packet Interval You Name It, We Analyze It! Test Time (s) Measured Packet Interval (ms) ~62 sec test Mean MPI = 2ms Min ~ 1.2 Max ~ 2.9
ime Plot for Command/Response You Name It, We Analyze It! Regular Pattern to Delayed Packets Regular Pattern of Minimal Delayed Packets
Command/Response Timing Plots •  Quick succession of command/response packets •  Minimal delay in command/response sequence •  Apparently large delay in a single packet •  Example: Rockwell tag reads You Name It, We Analyze It! Quick Succession Read Commands Delay Until Next Time Sequence
Next Steps •  Streamline traffic stream processing •  Develop better command/response code •  Build more mathematical statistical models •  Add graphical modeling of time & frequency domain •  Add more industrial protocols and obtain example files •  Modbus •  Profinet •  DNP3 •  61850 •  And others… You Name It, We Analyze It!
Questions •  Contact Me •  Jim Gilsinn •  301-706-9985 or 614-323-2254 •  jim.gilsinn@kenexis.com •  Twitter – @JimGilsinn •  LinkedIn – http://www.linkedin.com/in/jimgilsinn/ •  SlideShare – http://www.slideshare.net/gilsinnj You Name It, We Analyze It!

Empfohlen

RIPE 76: TCP and BBR
RIPE 76: TCP and BBRRIPE 76: TCP and BBR
RIPE 76: TCP and BBRAPNIC
 
RIPE 76: Measuring ATR
RIPE 76: Measuring ATRRIPE 76: Measuring ATR
RIPE 76: Measuring ATRAPNIC
 
message passing
message passing message passing
message passingAshish Kumar
 
Tcp and udp ports
Tcp and udp portsTcp and udp ports
Tcp and udp portssujanakumari1
 
Rpc (Distributed computing)
Rpc (Distributed computing)Rpc (Distributed computing)
Rpc (Distributed computing)Sri Prasanna
 
Unit 4 UDP
Unit 4 UDPUnit 4 UDP
Unit 4 UDPNivetha Palanisamy
 
Analysis of Link State Resource Reservation Protocol for Congestion Managemen...
Analysis of Link State Resource Reservation Protocol for Congestion Managemen...Analysis of Link State Resource Reservation Protocol for Congestion Managemen...
Analysis of Link State Resource Reservation Protocol for Congestion Managemen...ijgca
 
Retransmission Tcp
Retransmission TcpRetransmission Tcp
Retransmission TcpRam Dutt Shukla
 

Empfohlen

RIPE 76: TCP and BBR
RIPE 76: TCP and BBRRIPE 76: TCP and BBR
RIPE 76: TCP and BBRAPNIC
 
RIPE 76: Measuring ATR
RIPE 76: Measuring ATRRIPE 76: Measuring ATR
RIPE 76: Measuring ATRAPNIC
 
message passing
message passing message passing
message passingAshish Kumar
 
Tcp and udp ports
Tcp and udp portsTcp and udp ports
Tcp and udp portssujanakumari1
 
Rpc (Distributed computing)
Rpc (Distributed computing)Rpc (Distributed computing)
Rpc (Distributed computing)Sri Prasanna
 
Unit 4 UDP
Unit 4 UDPUnit 4 UDP
Unit 4 UDPNivetha Palanisamy
 
Analysis of Link State Resource Reservation Protocol for Congestion Managemen...
Analysis of Link State Resource Reservation Protocol for Congestion Managemen...Analysis of Link State Resource Reservation Protocol for Congestion Managemen...
Analysis of Link State Resource Reservation Protocol for Congestion Managemen...ijgca
 
Retransmission Tcp
Retransmission TcpRetransmission Tcp
Retransmission TcpRam Dutt Shukla
 
TCP/IP
TCP/IPTCP/IP
TCP/IPaibad ahmed
 
Tcp Udp Notes
Tcp Udp NotesTcp Udp Notes
Tcp Udp NotesRam Dutt Shukla
 
The Migration From Erlang To Otp A Case Study Of A Heavy Duty Tcpip Clients...
The Migration From Erlang To Otp A Case Study Of A Heavy Duty Tcpip Clients...The Migration From Erlang To Otp A Case Study Of A Heavy Duty Tcpip Clients...
The Migration From Erlang To Otp A Case Study Of A Heavy Duty Tcpip Clients...l xf
 
RPC: Remote procedure call
RPC: Remote procedure callRPC: Remote procedure call
RPC: Remote procedure callSunita Sahu
 
Tcp vs udp
Tcp vs udpTcp vs udp
Tcp vs udphassamkhaliq
 
Message passing in Distributed Computing Systems
Message passing in Distributed Computing SystemsMessage passing in Distributed Computing Systems
Message passing in Distributed Computing SystemsAlagappa Govt Arts College, Karaikudi
 
Remote Procedure Call (RPC) Server creation semantics & call semantics
Remote Procedure Call (RPC) Server creation semantics & call semanticsRemote Procedure Call (RPC) Server creation semantics & call semantics
Remote Procedure Call (RPC) Server creation semantics & call semanticssvm
 
Rpc Case Studies (Distributed computing)
Rpc Case Studies (Distributed computing)Rpc Case Studies (Distributed computing)
Rpc Case Studies (Distributed computing)Sri Prasanna
 
Comparing Cpp And Erlang For Motorola Telecoms Software
Comparing Cpp And Erlang For Motorola Telecoms SoftwareComparing Cpp And Erlang For Motorola Telecoms Software
Comparing Cpp And Erlang For Motorola Telecoms Softwarel xf
 
Adaptation of tcp window
Adaptation of tcp windowAdaptation of tcp window
Adaptation of tcp windowpriya Nithya
 
Remote Procedure Call in Distributed System
Remote Procedure Call in Distributed SystemRemote Procedure Call in Distributed System
Remote Procedure Call in Distributed SystemPoojaBele1
 
Icmp
IcmpIcmp
IcmpAbhishek Kesharwani
 
You name it, we analyze it
You name it, we analyze itYou name it, we analyze it
You name it, we analyze itJim Gilsinn
 
The art of system and solution testing
The art of system and solution testingThe art of system and solution testing
The art of system and solution testinggaoliang641
 
ICS Performance Lab
ICS Performance LabICS Performance Lab
ICS Performance LabJim Gilsinn
 
IP Signal Distribution
IP Signal DistributionIP Signal Distribution
IP Signal DistributionrAVe [PUBS]
 
Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020
Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020
Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020Redis Labs
 
Multimedia networks
Multimedia networksMultimedia networks
Multimedia networksSaqib Shehzad
 
Performance & Monitoring Performance.pdf
Performance & Monitoring Performance.pdfPerformance & Monitoring Performance.pdf
Performance & Monitoring Performance.pdfPhcng785014
 
Scaling habits of ASP.NET
Scaling habits of ASP.NETScaling habits of ASP.NET
Scaling habits of ASP.NETDavid Giard
 
Lecture set 7
Lecture set 7Lecture set 7
Lecture set 7Gopi Saiteja
 
Continuous Performance Testing
Continuous Performance TestingContinuous Performance Testing
Continuous Performance TestingC4Media
 

Weitere ähnliche Inhalte

Was ist angesagt?

The Migration From Erlang To Otp A Case Study Of A Heavy Duty Tcpip Clients...
The Migration From Erlang To Otp A Case Study Of A Heavy Duty Tcpip Clients...The Migration From Erlang To Otp A Case Study Of A Heavy Duty Tcpip Clients...
The Migration From Erlang To Otp A Case Study Of A Heavy Duty Tcpip Clients...l xf
 
RPC: Remote procedure call
RPC: Remote procedure callRPC: Remote procedure call
RPC: Remote procedure callSunita Sahu
 
Remote Procedure Call (RPC) Server creation semantics & call semantics
Remote Procedure Call (RPC) Server creation semantics & call semanticsRemote Procedure Call (RPC) Server creation semantics & call semantics
Remote Procedure Call (RPC) Server creation semantics & call semanticssvm
 
Rpc Case Studies (Distributed computing)
Rpc Case Studies (Distributed computing)Rpc Case Studies (Distributed computing)
Rpc Case Studies (Distributed computing)Sri Prasanna
 
Comparing Cpp And Erlang For Motorola Telecoms Software
Comparing Cpp And Erlang For Motorola Telecoms SoftwareComparing Cpp And Erlang For Motorola Telecoms Software
Comparing Cpp And Erlang For Motorola Telecoms Softwarel xf
 
Adaptation of tcp window
Adaptation of tcp windowAdaptation of tcp window
Adaptation of tcp windowpriya Nithya
 
Remote Procedure Call in Distributed System
Remote Procedure Call in Distributed SystemRemote Procedure Call in Distributed System
Remote Procedure Call in Distributed SystemPoojaBele1
 

Was ist angesagt? (12)

TCP/IP
TCP/IPTCP/IP
TCP/IP
 
Tcp Udp Notes
Tcp Udp NotesTcp Udp Notes
Tcp Udp Notes
 
The Migration From Erlang To Otp A Case Study Of A Heavy Duty Tcpip Clients...
The Migration From Erlang To Otp A Case Study Of A Heavy Duty Tcpip Clients...The Migration From Erlang To Otp A Case Study Of A Heavy Duty Tcpip Clients...
The Migration From Erlang To Otp A Case Study Of A Heavy Duty Tcpip Clients...
 
RPC: Remote procedure call
RPC: Remote procedure callRPC: Remote procedure call
RPC: Remote procedure call
 
Tcp vs udp
Tcp vs udpTcp vs udp
Tcp vs udp
 
Message passing in Distributed Computing Systems
Message passing in Distributed Computing SystemsMessage passing in Distributed Computing Systems
Message passing in Distributed Computing Systems
 
Remote Procedure Call (RPC) Server creation semantics & call semantics
Remote Procedure Call (RPC) Server creation semantics & call semanticsRemote Procedure Call (RPC) Server creation semantics & call semantics
Remote Procedure Call (RPC) Server creation semantics & call semantics
 
Rpc Case Studies (Distributed computing)
Rpc Case Studies (Distributed computing)Rpc Case Studies (Distributed computing)
Rpc Case Studies (Distributed computing)
 
Comparing Cpp And Erlang For Motorola Telecoms Software
Comparing Cpp And Erlang For Motorola Telecoms SoftwareComparing Cpp And Erlang For Motorola Telecoms Software
Comparing Cpp And Erlang For Motorola Telecoms Software
 
Adaptation of tcp window
Adaptation of tcp windowAdaptation of tcp window
Adaptation of tcp window
 
Remote Procedure Call in Distributed System
Remote Procedure Call in Distributed SystemRemote Procedure Call in Distributed System
Remote Procedure Call in Distributed System
 
Icmp
IcmpIcmp
Icmp
 

Ähnlich wie S4x14 Session: You Name It; We Analyze It

You name it, we analyze it
You name it, we analyze itYou name it, we analyze it
You name it, we analyze itJim Gilsinn
 
The art of system and solution testing
The art of system and solution testingThe art of system and solution testing
The art of system and solution testinggaoliang641
 
ICS Performance Lab
ICS Performance LabICS Performance Lab
ICS Performance LabJim Gilsinn
 
IP Signal Distribution
IP Signal DistributionIP Signal Distribution
IP Signal DistributionrAVe [PUBS]
 
Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020
Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020
Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020Redis Labs
 
Performance & Monitoring Performance.pdf
Performance & Monitoring Performance.pdfPerformance & Monitoring Performance.pdf
Performance & Monitoring Performance.pdfPhcng785014
 
Scaling habits of ASP.NET
Scaling habits of ASP.NETScaling habits of ASP.NET
Scaling habits of ASP.NETDavid Giard
 
Continuous Performance Testing
Continuous Performance TestingContinuous Performance Testing
Continuous Performance TestingC4Media
 
Network performance overview
Network performance overviewNetwork performance overview
Network performance overviewMy cp
 
Resilient Predictive Data Pipelines (GOTO Chicago 2016)
Resilient Predictive Data Pipelines (GOTO Chicago 2016)Resilient Predictive Data Pipelines (GOTO Chicago 2016)
Resilient Predictive Data Pipelines (GOTO Chicago 2016)Sid Anand
 
Move Message Passing Interface Applications to the Next Level
Move Message Passing Interface Applications to the Next LevelMove Message Passing Interface Applications to the Next Level
Move Message Passing Interface Applications to the Next LevelIntel® Software
 
Comparison of mqtt and coap protocol
Comparison of mqtt and coap protocolComparison of mqtt and coap protocol
Comparison of mqtt and coap protocolYUSUF HUMAYUN
 
Latency SLOs Done Right
Latency SLOs Done RightLatency SLOs Done Right
Latency SLOs Done RightFred Moyer
 
Dccp evaluation for sip signaling ict4 m
Dccp evaluation for sip signaling ict4 m Dccp evaluation for sip signaling ict4 m
Dccp evaluation for sip signaling ict4 m Agus Awaludin
 
Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP ThousandEyes
 
Remote invocation
Remote invocationRemote invocation
Remote invocationishapadhy
 

Ähnlich wie S4x14 Session: You Name It; We Analyze It (20)

You name it, we analyze it
You name it, we analyze itYou name it, we analyze it
You name it, we analyze it
 
The art of system and solution testing
The art of system and solution testingThe art of system and solution testing
The art of system and solution testing
 
ICS Performance Lab
ICS Performance LabICS Performance Lab
ICS Performance Lab
 
IP Signal Distribution
IP Signal DistributionIP Signal Distribution
IP Signal Distribution
 
Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020
Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020
Protecting Your API with Redis by Jane Paek - Redis Day Seattle 2020
 
Multimedia networks
Multimedia networksMultimedia networks
Multimedia networks
 
Performance & Monitoring Performance.pdf
Performance & Monitoring Performance.pdfPerformance & Monitoring Performance.pdf
Performance & Monitoring Performance.pdf
 
Scaling habits of ASP.NET
Scaling habits of ASP.NETScaling habits of ASP.NET
Scaling habits of ASP.NET
 
Lecture set 7
Lecture set 7Lecture set 7
Lecture set 7
 
Continuous Performance Testing
Continuous Performance TestingContinuous Performance Testing
Continuous Performance Testing
 
Network performance overview
Network performance overviewNetwork performance overview
Network performance overview
 
TCP /IP
TCP /IPTCP /IP
TCP /IP
 
Resilient Predictive Data Pipelines (GOTO Chicago 2016)
Resilient Predictive Data Pipelines (GOTO Chicago 2016)Resilient Predictive Data Pipelines (GOTO Chicago 2016)
Resilient Predictive Data Pipelines (GOTO Chicago 2016)
 
Move Message Passing Interface Applications to the Next Level
Move Message Passing Interface Applications to the Next LevelMove Message Passing Interface Applications to the Next Level
Move Message Passing Interface Applications to the Next Level
 
Comparison of mqtt and coap protocol
Comparison of mqtt and coap protocolComparison of mqtt and coap protocol
Comparison of mqtt and coap protocol
 
Latency SLOs Done Right
Latency SLOs Done RightLatency SLOs Done Right
Latency SLOs Done Right
 
Dccp evaluation for sip signaling ict4 m
Dccp evaluation for sip signaling ict4 m Dccp evaluation for sip signaling ict4 m
Dccp evaluation for sip signaling ict4 m
 
Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP
 
Transaction TCP
Transaction TCPTransaction TCP
Transaction TCP
 
Remote invocation
Remote invocationRemote invocation
Remote invocation
 

Mehr von Digital Bond

The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security ProductsDigital Bond
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?Digital Bond
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaDigital Bond
 
Remote Control Automobiles at ESCAR US 2015
Remote Control Automobiles at ESCAR US 2015Remote Control Automobiles at ESCAR US 2015
Remote Control Automobiles at ESCAR US 2015Digital Bond
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)Digital Bond
 
The RIPE Experience
The RIPE ExperienceThe RIPE Experience
The RIPE ExperienceDigital Bond
 
Windows Service Hardening
Windows Service HardeningWindows Service Hardening
Windows Service HardeningDigital Bond
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSFDigital Bond
 
Assessing the Security of Cloud SaaS Solutions
Assessing the Security of Cloud SaaS SolutionsAssessing the Security of Cloud SaaS Solutions
Assessing the Security of Cloud SaaS SolutionsDigital Bond
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS CommunicationsDigital Bond
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
Accelerating OT - A Case Study
Accelerating OT - A Case StudyAccelerating OT - A Case Study
Accelerating OT - A Case StudyDigital Bond
 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014Digital Bond
 
Unidirectional Security Appliances to Secure ICS
Unidirectional Security Appliances to Secure ICSUnidirectional Security Appliances to Secure ICS
Unidirectional Security Appliances to Secure ICSDigital Bond
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)Digital Bond
 
Survey and Analysis of ICS Vulnerabilities (Japanese)
Survey and Analysis of ICS Vulnerabilities (Japanese)Survey and Analysis of ICS Vulnerabilities (Japanese)
Survey and Analysis of ICS Vulnerabilities (Japanese)Digital Bond
 
ICS Security Training ... What Works and What Is Needed (Japanese)
ICS Security Training ... What Works and What Is Needed (Japanese)ICS Security Training ... What Works and What Is Needed (Japanese)
ICS Security Training ... What Works and What Is Needed (Japanese)Digital Bond
 
Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)Digital Bond
 
Incubation of ICS Malware (English)
Incubation of ICS Malware (English)Incubation of ICS Malware (English)
Incubation of ICS Malware (English)Digital Bond
 

Mehr von Digital Bond (20)

The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security Products
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?
 
Attacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar AsiaAttacking and Defending Autos Via OBD-II from escar Asia
Attacking and Defending Autos Via OBD-II from escar Asia
 
Remote Control Automobiles at ESCAR US 2015
Remote Control Automobiles at ESCAR US 2015Remote Control Automobiles at ESCAR US 2015
Remote Control Automobiles at ESCAR US 2015
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
 
The RIPE Experience
The RIPE ExperienceThe RIPE Experience
The RIPE Experience
 
Windows Service Hardening
Windows Service HardeningWindows Service Hardening
Windows Service Hardening
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
 
Assessing the Security of Cloud SaaS Solutions
Assessing the Security of Cloud SaaS SolutionsAssessing the Security of Cloud SaaS Solutions
Assessing the Security of Cloud SaaS Solutions
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS Communications
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
 
Accelerating OT - A Case Study
Accelerating OT - A Case StudyAccelerating OT - A Case Study
Accelerating OT - A Case Study
 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014
 
Unidirectional Security Appliances to Secure ICS
Unidirectional Security Appliances to Secure ICSUnidirectional Security Appliances to Secure ICS
Unidirectional Security Appliances to Secure ICS
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing Keynote
 
Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)Internet Accessible ICS in Japan (English)
Internet Accessible ICS in Japan (English)
 
Survey and Analysis of ICS Vulnerabilities (Japanese)
Survey and Analysis of ICS Vulnerabilities (Japanese)Survey and Analysis of ICS Vulnerabilities (Japanese)
Survey and Analysis of ICS Vulnerabilities (Japanese)
 
ICS Security Training ... What Works and What Is Needed (Japanese)
ICS Security Training ... What Works and What Is Needed (Japanese)ICS Security Training ... What Works and What Is Needed (Japanese)
ICS Security Training ... What Works and What Is Needed (Japanese)
 
Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)Vulnerability Inheritance in ICS (English)
Vulnerability Inheritance in ICS (English)
 
Incubation of ICS Malware (English)
Incubation of ICS Malware (English)Incubation of ICS Malware (English)
Incubation of ICS Malware (English)
 

Kürzlich hochgeladen

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dashnarutouzumaki53779
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 

Kürzlich hochgeladen (20)

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dash
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 

S4x14 Session: You Name It; We Analyze It

  • 1. You Name It, We Analyze It! Jim Gilsinn & Bryan Singer Kenexis Consulting Corporation You Name It, We Analyze It!
  • 2. ndustrial Network Types & Metrics: Publish/Subscribe •  Publish/subscribe or peer-to-peer communications •  Main performance metric: Cyclic frequency variability/jitter •  Real-time EtherNet/IP uses publish/subscribe •  Requested/Accepted Packet Interval (RPI/API) •  Measured Packet Interval (MPI) You Name It, We Analyze It!
  • 3. ndustrial Network Types & Metrics: Publish/Subscribe •  Difference between TPub_Com_Init & TSub_Com_In is network roundtrip dela •  TPub_Com_Init, TSub_Com_Init not important •  Variability in TPub much more important •  Theoretically, TPub does need to match Tsub •  In production systems, th are the same You Name It, We Analyze It! TPub_Com_Init Subscriber Publisher TPub_1 TPub_2 TPub_N-1 TPub_N Com_Init TSub_M . . .
  • 4. Performance Testing Methodology: Performance Metrics •  Command/response or master/slave communications •  Main performance metric: Latency •  Large numbers of protocols use this •  Most (All?) PC-based server/client protocols – HTTP(S), (S)FTP, etc •  Most industrial protocols – Modbus/TCP, Profinet, Ethercat, etc. You Name It, We Analyze It!
  • 5. ndustrial Network Types & Metrics: Command/Response •  Difference between TCom_Delay_# & TRes_# is network roundtrip delay •  Latency in TCom & TRes important You Name It, We Analyze It! TRes_1 Commander Responder TRes_2 Delay_1 TCom_1 TCom_2 Delay_2
  • 6. solating Traffic Streams •  Isolating traffic streams can be tricky •  10’s – 100’s of traffic streams in production environment •  Your Wireshark Fu must be strong! •  Usually requires additional post-processing •  Multiple streams can exist between same devices You Name It, We Analyze It!
  • 7. solating Traffic Streams •  Traffic pairs •  Source IP/MAC address •  Destination IP/MAC address •  Source TCP/UDP port •  Destination TCP/UDP port •  Publish/Subscribe •  Communication stream ID •  Sequence number (optional) •  Command/Response •  Command message/field •  Response message/field •  Message ID (optional) You Name It, We Analyze It!
  • 8. Test Time vs. Packet Interval You Name It, We Analyze It! Test Time (s) Measured Packet Interval (ms) ~62 sec test Mean MPI = 2ms Min ~ 1.2 Max ~ 2.9
  • 9. ime Plot for Command/Response You Name It, We Analyze It! Regular Pattern to Delayed Packets Regular Pattern of Minimal Delayed Packets
  • 10. Command/Response Timing Plots •  Quick succession of command/response packets •  Minimal delay in command/response sequence •  Apparently large delay in a single packet •  Example: Rockwell tag reads You Name It, We Analyze It! Quick Succession Read Commands Delay Until Next Time Sequence
  • 11. Next Steps •  Streamline traffic stream processing •  Develop better command/response code •  Build more mathematical statistical models •  Add graphical modeling of time & frequency domain •  Add more industrial protocols and obtain example files •  Modbus •  Profinet •  DNP3 •  61850 •  And others… You Name It, We Analyze It!
  • 12. Questions •  Contact Me •  Jim Gilsinn •  301-706-9985 or 614-323-2254 •  jim.gilsinn@kenexis.com •  Twitter – @JimGilsinn •  LinkedIn – http://www.linkedin.com/in/jimgilsinn/ •  SlideShare – http://www.slideshare.net/gilsinnj You Name It, We Analyze It!