Capture files from 4SICS Geek Lounge

4SICS logo

The industrial cyber security conference 4SICS (now CS3Sthlm) is an annual summit that gather the most important ICS/SCADA cyber security stakeholders across critical industries (i.e. energy, oil & gas, water, transportation and smartgrid etc).

The "Geek Lounge" at 4SICS contains an ICS lab with PLCs, RTUs, servers, industrial network equipment (switches, firewalls, etc). These devices are available for hands-on "testing" by 4SICS attendees.

We at Netresec have worked with the 4SICS crew to capture the network traffic at the ICS lab. The idea is to share the captured PCAP files on the Internet, since network traffic from industrial networks is a really scarce resource!

We kindly ask you to credit CS3Sthlm, for allowing the network traffic from the 4SICS lab to be captured and shared, if you will re-distribute this dataset or use it as part of a training. We would also appreciate a link back to this page.

4SICS 2015 PCAP Files

4SICS-GeekLounge-151020.pcap  25MB
4SICS-GeekLounge-151021.pcap 134MB
4SICS-GeekLounge-151022.pcap 200MB

Devices in the ICS Lab

Image Credit: 4SICS
Rack 1 to 5. Image Credit: 4SICS

Rack #1 (from left)

Rack #2

Rack #3

Rack #4

Rack #5 (the one on the right)

Devices not found in a rack

Client Network (where the "hackers" are)

Svenska Kraftnät (Swedish Grid)

SVK network. Photo Credit: Patrick Nixdorf
Network of demo installation for Svenska Kraftnät (Swedish Grid). Photo credit: Patrick Nixdorf