SharkFest'25 EUROPE

Bridging the IT/OT Divide: Analyzing Operational Technology Networks with Wireshark
2025-11-05, Grand Ballroom Salons AB
Language: English

Modern industrial networks pose unique challenges for packet analysis. This talk will introduce Wireshark users to the world of Operational Technology (OT) networks – the networks that control physical equipment in factories, power plants, and critical infrastructure – and explain how they differ from traditional Information Technology (IT) networks. We will explore how OT networks prioritize deterministic, time-critical communication in a way that IT networks do not, and why capturing and analyzing packets in OT environments is often more challenging. Attendees will learn about the distinct network architectures and protocols used in OT (from fieldbus and PLC communications to SCADA systems), and how factors like cycle times and real-time scheduling shape traffic patterns. We’ll discuss why OT traffic tends to be highly regular and cyclic (enabling whitelisting of expected flows) in contrast to the bursty, ad-hoc traffic of IT networks. The talk will also highlight security implicat


Key Takeaways:
• Fundamental differences in purpose and design between IT and OT networks (priorities of safety/up-time vs. data-centric goals).
• How OT network traffic is deterministic and cycle-driven rather than ad-hoc, with strict timing requirements.
• Awareness of legacy systems and security challenges in OT (long device lifecycles, rare patches, focus on network segregation over frequent updates).
• Practical tips for using Wireshark on OT protocols, including recognizing industrial protocol traffic and analyzing communication patterns over time.
• Examples of diagnosing OT network issues by examining packet timing and sequence instead of just packet content.

By the end of this talk, attendees will have a clear understanding of what makes packet capture and analysis in OT environments unique, and how to leverage Wireshark to troubleshoot and monitor industrial network traffic effectively. Expect to gain insight into a fascinating area where networking meets the physical world, and pick up tips that you can apply when you encounter OT protocols in the wild.

Roland Knall is a seasoned software developer and systems architect based in Salzburg, Austria, with over 25 years of experience. He has extensive expertise in network technology, focusing on network analysis and packet capture. As a core developer of the Wireshark network analyzer, Roland has contributed to its open-source development for nearly a decade, including six years on Wireshark’s core team. He is also a member of Wireshark’s Technical Steering Committee, helping shape the project’s direction. He is active in the open-source community and regularly shares his knowledge through conference talks and panel discussions, including Wireshark’s SharkFest user conferences.