Passive Reconnaissance

MarlinSpike

passive OT/ICS network topology mapping
Drop a PCAP. Get a complete network topology map with asset inventory, Purdue Model classification, risk analysis, and C2/beacon detection. Zero packets transmitted.
2.2M Packets Analyzed
104 Nodes Discovered
15 Protocols Detected
<3m Processing Time
552MB Peak Memory
Capabilities
Zero-Transmission Recon

Analyzes existing PCAP captures or live traffic. Never injects a single packet. Safe for production OT environments.

15+ ICS Protocols

Modbus, EtherNet/IP, CIP, S7comm, DNP3, OPC-UA, BACnet, PROFINET, HART-IP, BSAP, ROCPlus, FINS, and more.

Interactive Topology

SVG topology viewer with Purdue Model zone layering, pan/zoom, node detail panels, and connection highlighting.

Risk + MITRE ATT&CK

Automatic risk finding generation, Purdue Model violation detection, attack target prioritization with severity classification.

Beacon / Exfil Detection

Beaconing analysis with jitter scoring, DNS tunnel detection via entropy analysis, high-volume exfiltration identification.

25 Sample PCAPs Included

Built-in ICS/OT, IT reference, Digital Bond S4, and CTF captures for immediate exploration and testing.

5-Stage Analysis Chain
Ingest
Dissect
Classify
Analyze
Report
Supported Protocols
Modbus, EtherNet/IP, CIP, S7comm, DNP3, OPC-UA, BACnet, PROFINET, HART-IP, BSAP, ROCPlus, FINS, GENISYS, C1222, LLDP, CDP, STP, LACP
2.2M packets. Under 3 minutes. 552 MB peak.
Benchmarked on the 4SICS GeekLounge 200 MB industrial capture — 104 nodes, 15 protocols, full chain analysis.