device type or device version in a PCAP [closed]

asked 2021-04-22 15:18:17 +0000

macampic gravatar image

updated 2021-04-22 15:18:40 +0000

Is there any way I could detect/see the device type of an OT device or device version in a PCAP?

edit retag flag offensive reopen merge delete

Closed for the following reason duplicate question by grahamb
close date 2021-04-22 16:02:32.439059


Isn't this a rephrasing of your previous question and hence a duplicate?

grahamb gravatar imagegrahamb ( 2021-04-22 15:37:43 +0000 )edit

yes and no, I didn't want to ask in the same question another doubt (similar but not the same one). I've read that in IT devices with the follow TCP you can know the type of device so I was wondering if it would work similar with OT devices. Becasuse I know there are tools as Security Onion that can do an asset inventory but I can't find how they work and how they identify the device type in this kind of tools.

macampic gravatar imagemacampic ( 2021-04-22 15:46:02 +0000 )edit

Seems to be the same question to me, just the source of the data is now specified to be a pcap. I'll close this as a duplicate as I think it helps to keep all the comments and answers on your original question. Feel free to add a comment to your original question if you think it needs clarification.

grahamb gravatar imagegrahamb ( 2021-04-22 16:02:27 +0000 )edit