MarlinSpike — About

What

MarlinSpike is a passive OT/ICS network topology mapping engine. It analyzes packet captures (PCAP files) or live network traffic to build a complete picture of industrial control system networks — without transmitting a single packet.

The output is an interactive topology map with asset inventory, protocol breakdown, Purdue Model classification, risk findings, attack target prioritization, and C2/beacon/exfiltration detection.

How — 5-Stage Analysis Chain

Ingest ▶ Dissect ▶ Classify ▶ Analyze ▶ Report

Packet data is streamed through the analysis engine in configurable chunks, parsed into conversations and flows, classified by protocol and device role, analyzed for risk and attack surface, then rendered as a structured report with topology, asset inventory, and risk findings.

Protocols

OT / ICS:

Modbus EtherNet/IP CIP S7comm DNP3 OPC-UA BACnet PROFINET HART-IP BSAP ROCPlus FINS GENISYS C1222

Layer 2 / Discovery:

      LLDP
      CDP
      STP
      LACP
    

Standards

IEC 62443 Industrial communication networks security
MITRE ATT&CK Adversary tactics and techniques for ICS
Purdue Model ISA-95 reference architecture for zone classification

Built By

River Risk Partners