326 Handbook of SCADA/Control Systems Security
NETWORK TRAFFIC ANALYSIS
There are a number of freely available intrusion detection system (IDS) and network
capture products that can help capture and maintain a complete network trail of all
traffic entering and leaving a SCADA network. Some of these programs include the
following:
• Snort—An open source network IDS (NIDS)
• TCPDump—The standard for packet capture
• NGrep—Network grep and filter
• Etherape—GUI network traffic monitor
• Wireshark—Network traffic analyser
NETWORK INTRUSION DETECTION
The number one fallacy about intrusion detection is the belief that IDSs prevent
intrusions. They do not prevent or deter intrusions in any way; a sensor fed from a tap
or SPAN port sees a copy of the traffic and can only report that an intrusion occurred
or was attempted. ...
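The following is an added example, not code from the Handbook or from any of the tools listed above. It shows, in one script, what the two preceding sections describe: reading a network trail (a classic libpcap file of the kind tcpdump or Wireshark write), decoding it far enough to see who talks to whom, and applying a simple detection rule that produces alerts without blocking anything. It assumes the SCADA segment carries Modbus/TCP on port 502 and that only one host (an HMI at 10.0.0.10) is authorised to issue Modbus write requests; the hosts, addresses, function codes used and the capture itself are constructed for the example.

```python
"""Offline analysis of a pcap network trail from a SCADA segment (added example)."""
import struct
from collections import Counter

MODBUS_PORT = 502
WRITE_FUNCTIONS = {5, 6, 15, 16}          # write single coil/register, write multiple
AUTHORIZED_WRITERS = {"10.0.0.10"}        # assumption: the HMI is the only legitimate writer
ETHERTYPE_IPV4 = b"\x08\x00"


def build_frame(src, dst, sport, dport, payload):
    """Build a minimal Ethernet/IPv4/TCP frame. Checksums are left zero; we only parse offline."""
    eth = b"\x02" * 6 + b"\x04" * 6 + ETHERTYPE_IPV4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 1024, 0, 0)
    return eth + ip + tcp + payload


def modbus_adu(txid, unit, func, data):
    """Modbus/TCP ADU: MBAP header (txid, protocol 0, remaining length, unit id) + PDU."""
    pdu = bytes([func]) + data
    return struct.pack("!HHHB", txid, 0, len(pdu) + 1, unit) + pdu


def build_pcap(frames, start_ts=1700000000):
    """Serialise frames into a classic little-endian pcap (linktype 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", start_ts + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_pcap(data):
    """Yield (timestamp, frame) from a classic pcap, honouring the file's byte order."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec, data[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:                        # IP protocol 6 = TCP
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return src, dst, sport, dport, tcp[data_off:]


def analyse(pcap_bytes):
    """Summarise talkers and emit alerts. Like any IDS this only reports; nothing is blocked."""
    talkers = Counter()
    alerts = []
    for ts, frame in iter_pcap(pcap_bytes):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, payload = parsed
        talkers[(src, dst, dport)] += 1
        if dport != MODBUS_PORT or len(payload) < 8:
            continue
        _txid, proto, _length, _unit = struct.unpack("!HHHB", payload[:7])
        if proto != 0:                    # MBAP protocol id is 0 for Modbus
            continue
        func = payload[7]
        if func in WRITE_FUNCTIONS and src not in AUTHORIZED_WRITERS:
            alerts.append({"ts": ts, "src": src, "dst": dst, "func": func,
                           "msg": "Modbus write request from unauthorised host"})
    return talkers, alerts


# Constructed capture: the HMI polls and writes a PLC; an engineering laptop that is
# not on the writer list then sends a write-single-coil request and also opens SSH.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.10", "10.0.0.20", 40001, 502, modbus_adu(1, 1, 3, struct.pack("!HH", 0, 10))),
    build_frame("10.0.0.20", "10.0.0.10", 502, 40001, modbus_adu(1, 1, 3, b"\x14" + b"\x00" * 20)),
    build_frame("10.0.0.10", "10.0.0.20", 40002, 502, modbus_adu(2, 1, 6, struct.pack("!HH", 1, 0x1234))),
    build_frame("10.0.0.99", "10.0.0.20", 50000, 502, modbus_adu(7, 1, 5, struct.pack("!HH", 0, 0xFF00))),
    build_frame("10.0.0.99", "10.0.0.20", 50001, 22, b"SSH-2.0-OpenSSH\r\n"),
])

if __name__ == "__main__":
    talkers, alerts = analyse(SAMPLE_PCAP)
    for (src, dst, dport), n in sorted(talkers.items()):
        print(f"{src} -> {dst}:{dport}  {n} packets")
    for a in alerts:
        print(f"ALERT ts={a['ts']} {a['src']} -> {a['dst']} func={a['func']}: {a['msg']}")
```

Run it as-is to see the talker summary and the single alert for the laptop's write; point `iter_pcap` at a file written by `tcpdump -w` on a SPAN or tap port to run the same rule over real traffic. The alert is only a record: the packet it describes has already reached the PLC by the time it is analysed, which is exactly the limitation the section above is warning about.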