- CapSan - Packet capture sanitizer/anonymizer for Jon Siwek at University of Illinois.
- Jason Smith's Organized ICS PCAP repo - A comprehensive collection of ICS/SCADA PCAPs organized by protocol. Make sure to have git lfs support and do a git lfs clone of the linked repo to get the actual files.
- Bro-IDS DNP3 & Modbus Captures - Test captures from the parser testing tree.
- OpenICS test data - Test captures from the OpenICS effort.
- Profinet Captures - Random Profinet captures from the wild.
- QuickDraw test data - PCAPs from the quickdraw initiative to test the sensor filters.
- Various DNP3 captures - A variety of DNP3 captures broken out by function type. They include some very obscure functionality and were designed for firewall testing.
- Various Siemens S7 captures - Covers a subset of the S7 protocol, including a few security-critical functions such as authentication and firmware update.
- More S7 Captures - Some more S7 captures
- Various C37.118 Captures - Example C37.118 captures and spec details
- DLMS-COSEM Security Review - Third-party security review of DLMS-COSEM
- Various EthernetIP Captures - Various EthernetIP captures
- Various IEC 60870-5-104 Captures - Various IEC 60870-5-104 captures
- Various IEC 61850 Captures - Various IEC 61850 captures
- Various ModBus TCP Captures - Various Modbus TCP captures
- Various OPC Specifications - Various OPC specifications
- Various Zigbee Captures - Various Zigbee captures
- iTrust Secure Water Treatment Testbed (SWaT/SUTD) Dataset - The SWaT Dataset was systematically generated from the Secure Water Treatment Testbed (SUTD) to address this need. The data collected from the testbed consists of 11 days of continuous operation. 7 days’ worth of data was collected under normal operation while 4 days’ worth of data was collected with attack scenarios. During the data collection, all network traffic, sensor and actuator data were collected. [available by request]
- iTrust WADI Dataset - Similar to the SWaT dataset, the data collected from the Water Distribution testbed consists of 16 days of continuous operation, of which 14 days’ worth of data was collected under normal operation and 2 days with attack scenarios. During the data collection, all network traffic, sensor and actuator data were collected. [available by request]
- iTrust EPIC Dataset - Blaq_0 Hackathon was first organised in January 2018 for SUTD undergraduate students. Independent attack teams design and launch attacks on EPIC. Attack teams are scored according to how successful they are in performing attacks based on specific intents. [available by request]
(creative commons license)