[Bro] Parsing Modbus packet with Function code 15
Vishak Muthukumar
vmuthu at ucdavis.edu
Wed May 14 03:08:27 PDT 2014
Hi,
I am having a problem in parsing the modbus packet with function code 15.
I have a trace file which has a write request to write to coil 0.
But when I monitor that trace file in my bro script, I cannot see the coil
value. It says the size of the coil vector is empty.
The command I use to run the bro script is -
PREFIX/bin/bro -C -r <trace file> <bro file>
I checked the trace file in Wireshark to make sure that the packets have
the coil data.
I have attached the trace file and the bro script.
Thanks
--
Vishak Muthukumar
Graduate Student
University of California, Davis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: trace
Type: application/octet-stream
Size: 3168 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140514/11f1f444/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: write_multiple.bro
Type: application/octet-stream
Size: 1002 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140514/11f1f444/attachment-0001.obj
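
Added example (not part of the original message or its attachments): a stand-alone Python decoder for a Modbus/TCP Write Multiple Coils request (function code 15), useful for checking what coil values a captured request carries independently of the Bro analyzer. The function name and both sample frames are constructed for illustration; the first frame writes one coil at address 0, as in the question.

```python
import struct

FC_WRITE_MULTIPLE_COILS = 15  # 0x0F

# Constructed sample frames (MBAP header + PDU), not taken from the attached trace.
SAMPLE_SINGLE = bytes.fromhex("000100000008010f0000000101" "01")   # coil 0 = ON
SAMPLE_TEN = bytes.fromhex("000200000009010f0013000a02" "cd01")    # 10 coils from 0x0013


def parse_write_multiple_coils(adu: bytes) -> dict:
    """Decode one Modbus/TCP FC 15 request and return its coil values."""
    if len(adu) < 13:
        raise ValueError("too short for MBAP header plus FC 15 request header")
    # MBAP header: transaction id, protocol id, length, unit id.
    tid, proto, length, unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0, so this is not Modbus")
    if length != len(adu) - 6:
        raise ValueError("MBAP length field does not match the bytes present")
    # Request PDU: function code, starting address, quantity of outputs, byte count.
    func, start, quantity, byte_count = struct.unpack(">BHHB", adu[7:13])
    if func != FC_WRITE_MULTIPLE_COILS:
        raise ValueError(f"function code {func}, expected 15")
    if not 1 <= quantity <= 0x07B0:
        raise ValueError("quantity of outputs outside 1..1968")
    if byte_count != (quantity + 7) // 8:
        raise ValueError("byte count does not match quantity of outputs")
    data = adu[13:]
    if len(data) != byte_count:
        raise ValueError("coil data truncated or followed by extra bytes")
    # Coils are packed eight per byte, lowest address in the least significant bit.
    coils = [bool(data[i // 8] >> (i % 8) & 1) for i in range(quantity)]
    return {"transaction_id": tid, "unit_id": unit,
            "start_address": start, "coils": coils}


if __name__ == "__main__":
    for frame in (SAMPLE_SINGLE, SAMPLE_TEN):
        print(parse_write_multiple_coils(frame))
```

An empty coil list can never come out of this decoder for a well-formed request, because the quantity field must be at least 1; a frame that fails one of the length checks raises ValueError instead.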