OT 111: DNP3 Protocol (30 pts)

What You Need

Purpose

To learn more about DNP3 by reading documentation and exploring packet capture files.

Flag OT 111.1: International Standard (5 pts)

What international standard was partially completed in 1993, and used as the basis for the design of DNP3?

Hint: Read this page: DNP3 on Wikipedia

Installing Wireshark

If you don't have Wireshark installed, get it from:
https://www.wireshark.org/

Flag OT 111.2: Timestamp (5 pts)

Download this file: dnp3.pcap

Open it in Wireshark.

There are four "Write" requests (function code 2) that carry a "Time and Date" object (Group 50, Variation 1). The display filter dnp3.al.func == 2 isolates them.

Find the timestamp sent in the last of those four packets; Wireshark decodes the 48-bit millisecond value into a date. That's the flag.

Flag OT 111.3: Read (5 pts)

Download this file: dnp3_read.pcap

Open it in Wireshark.

A master device reads data from a remote device (the outstation), and the Response (function code 0x81) includes several 32-bit analog input values (Group 30, Variation 1). These are signed integers, so check the sign: find the smallest value, which is a negative number.

That's the flag.
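The two flags above come down to decoding DNP3's link layer (start bytes 0x05 0x64, a CRC-checked header, and user data in 16-byte blocks that each carry their own CRC) and then the application objects inside it. The script below is an added example written for this page, not code from the challenge or from any DNP3 library: it builds two constructed frames (a Write of a Group 50 Variation 1 Time and Date object and a Response carrying Group 30 Variation 1 analog inputs; the addresses, values and timestamp are made up and are not taken from dnp3.pcap or dnp3_read.pcap), validates every CRC, strips them, and decodes the timestamp and the signed 32-bit analogs the same way Wireshark does. Function names such as parse_frame and parse_apdu are this example's own.

```python
import struct
from datetime import datetime, timedelta, timezone

START = b"\x05\x64"                                   # DNP3 link-layer start bytes
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)     # g50v1 times are ms since this
FUNC_WRITE, FUNC_RESPONSE = 0x02, 0x81                # application function codes


def dnp3_crc(data: bytes) -> int:
    """CRC-16/DNP: poly 0x3D65 (0xA6BC bit-reflected), init 0, final XOR 0xFFFF."""
    crc = 0
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def build_frame(ctrl: int, dst: int, src: int, user_data: bytes) -> bytes:
    """Link frame: start, length, control, dst, src, CRC; then 16-byte data blocks, each + CRC."""
    header = START + bytes([5 + len(user_data), ctrl]) + struct.pack("<HH", dst, src)
    frame = header + struct.pack("<H", dnp3_crc(header))
    for i in range(0, len(user_data), 16):
        block = user_data[i:i + 16]
        frame += block + struct.pack("<H", dnp3_crc(block))
    return frame


def parse_frame(raw: bytes) -> dict:
    """Check every CRC, strip them, and return the link header plus bare user data."""
    if raw[:2] != START:
        raise ValueError("bad start bytes")
    header, hcrc = raw[:8], struct.unpack("<H", raw[8:10])[0]
    if dnp3_crc(header) != hcrc:
        raise ValueError("header CRC mismatch")
    length, ctrl = header[2], header[3]
    dst, src = struct.unpack("<HH", header[4:8])
    payload, pos, remaining = b"", 10, length - 5       # length counts ctrl+dst+src+data
    while remaining > 0:
        n = min(16, remaining)
        block = raw[pos:pos + n]
        if dnp3_crc(block) != struct.unpack("<H", raw[pos + n:pos + n + 2])[0]:
            raise ValueError("data block CRC mismatch at offset %d" % pos)
        payload += block
        pos, remaining = pos + n + 2, remaining - n
    return {"ctrl": ctrl, "dst": dst, "src": src, "payload": payload}


def parse_apdu(payload: bytes) -> dict:
    """Decode transport + application headers and the g50v1 / g30v1 objects the flags need."""
    func, pos = payload[2], 3                           # [0]=transport hdr, [1]=app control
    result = {"function": func, "times": [], "analogs": []}
    if func == FUNC_RESPONSE:                           # responses carry 2 IIN bytes first
        result["iin"] = struct.unpack("<H", payload[3:5])[0]
        pos = 5
    while pos < len(payload):
        group, var, qual = payload[pos:pos + 3]
        pos += 3
        if qual == 0x07:                                # 8-bit count, no index prefix
            count, pos = payload[pos], pos + 1
        elif qual == 0x00:                              # 8-bit start/stop indexes
            count, pos = payload[pos + 1] - payload[pos] + 1, pos + 2
        elif qual == 0x06:                              # "all objects" (Read requests): no data
            count = 0
        else:
            raise ValueError("unsupported qualifier 0x%02x" % qual)
        for _ in range(count):
            if (group, var) == (50, 1):                 # Time and Date: 48-bit ms, little-endian
                ms = int.from_bytes(payload[pos:pos + 6], "little")
                result["times"].append(EPOCH + timedelta(milliseconds=ms))
                pos += 6
            elif (group, var) == (30, 1):               # Analog Input: flags + signed int32
                _flags, value = struct.unpack("<Bi", payload[pos:pos + 5])
                result["analogs"].append(value)
                pos += 5
            else:
                raise ValueError("unsupported object g%dv%d" % (group, var))
    return result


# Constructed sample traffic (made up for this example, not from the challenge pcaps).
def time_write_frame(when: datetime) -> bytes:
    """Master -> outstation Write (func 2) of one g50v1 object, qualifier 0x07, count 1."""
    ms = (when - EPOCH) // timedelta(milliseconds=1)
    apdu = bytes([0xC0, 0xC0, FUNC_WRITE, 50, 1, 0x07, 1]) + ms.to_bytes(6, "little")
    return build_frame(0xC4, 1, 3, apdu)                # 0xC4: DIR=1 PRM=1 unconfirmed user data


def analog_response_frame(values: list) -> bytes:
    """Outstation -> master Response (func 0x81), IIN 0, g30v1 points indexed 0..n-1."""
    apdu = bytes([0xC0, 0xC0, FUNC_RESPONSE, 0, 0, 30, 1, 0x00, 0, len(values) - 1])
    for v in values:
        apdu += struct.pack("<Bi", 0x01, v)             # flag 0x01 = ONLINE
    return build_frame(0x44, 3, 1, apdu)


if __name__ == "__main__":
    t = parse_apdu(parse_frame(time_write_frame(datetime(2024, 2, 29, 12, tzinfo=timezone.utc)))["payload"])
    print("time written:", t["times"][0].isoformat())
    a = parse_apdu(parse_frame(analog_response_frame([1500, -2750, 42]))["payload"])
    print("smallest analog:", min(a["analogs"]))
```

The CRC check matters when you script this against a real capture: a frame whose block CRC fails is either corrupted or not DNP3 at all, and the decoder refuses it rather than producing a plausible-looking but wrong timestamp. Analogs are unpacked with the "i" (signed) format, which is what turns the raw bytes into the negative value the flag asks for.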

Flag OT 111.4: File Name (5 pts)

Download this file: dnp3_file_read.pcap

Open it in Wireshark.

The controller (master) reads a file from the remote device using DNP3 file transfer objects (Group 70).

Find the name of that file. The name is carried in the File Command object (Group 70, Variation 3) sent when the file is opened.

That's the flag.

Flag OT 111.5: Author (10 pts)

Use the same file as in the previous challenge.

Find the author of the file that the controller read. DNP3 itself has no author field, so look inside the transferred contents, which arrive in File Transport objects (Group 70, Variation 5).

That's the flag.

References

DNP3 on Wikipedia
ICS-Security-Tools pcaps/bro/dnp3
DNP3-Dataset-Plus-SnortRules

Posted 2-29-24
Scoring flags fixed 3-16-24