[Zeek-Dev] Hi + LL Analyzer

Jan Grashöfer jan.grashoefer at gmail.com
Thu Feb 7 02:32:08 PST 2019


To add a bit more context: The idea is to implement a plugin interface 
for low-level analyzers (see https://github.com/zeek/zeek/issues/248) 
and collect requirements on the list.

Some first thoughts and questions:
- What would be the lowest layer to build upon, or should everything be 
pluggable down to the packet source?
- What about the concept of connections? For some LL protocols the 
concept might be counterintuitive.
- The interface should support passing payload to other analyzers. Does 
it make sense to come up with a generalized DPD-mechanism?

Jan

