Otparse FAQs

Question 1

How does Otparse assist in OT/ICS security analysis?

Accepted Answer

By transforming complex packet capture data into structured JSON, Otparse makes it easier to understand device communications, identify potential anomalies, and generate a basic device inventory. Its integration with LLMs like Claude Code allows for direct data reasoning and threat analysis.

Question 2

What types of network protocols can Otparse analyze?

Accepted Answer

Otparse is specifically designed to parse and decode Modbus/TCP and BACnet/IP traffic from PCAP files. It uses tshark for robust protocol dissection.

Question 3

What are the key advantages of using Otparse for industrial network analysis?

Accepted Answer

Otparse offers structured JSON output optimized for LLM integration, automated device inventory generation, secure operation with read-only evidence mounts, and simplified analysis of critical industrial protocols like Modbus/TCP and BACnet/IP.

Question 4

What is Otparse and what does it do?

Accepted Answer

Otparse is a containerized tool that dissects saved OT/ICS packet captures (PCAP files) containing Modbus/TCP and BACnet/IP traffic. It decodes these protocols into structured JSON, generating a basic device inventory to aid in security analysis.

Question 5

Can Otparse analyze live network traffic?

Accepted Answer

No, Otparse is engineered to analyze only *saved* PCAP files. It does not support live packet capture but focuses on post-capture forensic analysis.

Otparse

Otparse

Key Features

Use Cases

Key Features

Use Cases