EmberOT announced the launch of OT PCAP Analyzer v2.0.4, a major update to its free community tool that enables security professionals to analyze industrial control system (ICS) packet captures with improved visibility and deeper context.
The latest version of the OT PCAP Analyzer introduces substantial improvements to asset fidelity, moving beyond static manufacturer classification to dynamically extract device intelligence directly from observed traffic. Assets identified within uploaded PCAP files can now include hostnames, firmware versions, model numbers, serial numbers, encapsulation context, and object or property identifiers when present in the data.
“Industrial defenders deserve tools that reflect how OT environments actually behave,” said Jori VanAntwerp, Founder & CEO of EmberOT. “With version 2.0.4 of the free OT PCAP Analyzer, we’ve significantly improved asset fidelity by extracting device details directly from traffic fingerprints instead of relying on static mappings. It’s the same philosophy that drives our full Ember platform: observe, extract, and contextualize what truly matters.”
What’s new in OT PCAP Analyzer v2.0.4
The improvements in v2.0.4 make the free tool even more valuable for industrial defenders and analysts:
▶ Richer Asset Details from PCAPs
→ Extracted hostnames, firmware, model, and serial numbers
→ Encapsulation context surfaced for clearer protocol understanding
→ Object and property identifiers included when available in traffic
▶ Improved Asset Discovery Logic
→ More consistent grouping of the same device across captures
→ Enhanced profiling for deeper forensic and investigative workflows
▶ Linux Stability Improvements
→ Resolved a crash affecting certain PCAP uploads on Linux systems
Built for the Community, and Distinct from the Full Ember Platform
OT PCAP Analyzer is a free tool created for the OT security community to assist with incident response, forensic analysis, research, and training. It is intentionally lightweight and capture-based.
EmberOT’s flagship product, Ember, provides continuous monitoring, asset inventory, flow-based contextual detection, risk indexing, and enterprise-scale deployment across distributed industrial environments. While PCAP Analyzer operates on static capture files, Ember delivers persistent, real-time observability and threat detection.
The PCAP Analyzer reflects EmberOT’s broader design philosophy: extract meaningful metadata, reduce noise, and provide actionable insight tailored to deterministic OT environments.
Upcoming ICS Vulnerabilities Research Report
EmberOT also announced it is finalizing a comprehensive ICS Vulnerabilities Research Report, expected to publish before the end of February. The report will examine trends, patterns, and risk implications across industrial environments, offering operators and defenders practical insights for prioritization and mitigation.
Meet EmberOT in Miami
Industry professionals can meet the EmberOT team in Miami, Florida, at these upcoming conferences:
▶ BSides ICS on February 23, 2026
▶ S4x26 on February 23-26, 2026
Attendees are invited to schedule time to see the Ember platform in action, explore OT PCAP Analyzer capabilities, or discuss findings from the upcoming ICS Vulnerabilities Research Report.