[Bro] Parsing Modbus packet with Function code 15
Hui Lin (Hugo)
hlin33 at illinois.edu
Wed May 14 09:54:53 PDT 2014
Hi Seth,
If we want to extract a value such as the coil value from the Modbus analyzer, do
we need to redeclare the event handler included in event.bif? I saw that
you use the "this" pointer to represent the whole payload message. I might
need to use the Modbus analyzer in another project later.
Thanks,
Best,
Hui Lin
On Wed, May 14, 2014 at 11:24 AM, Seth Hall <seth at icir.org> wrote:
>
> On May 14, 2014, at 10:40 AM, Robin Sommer <robin at icir.org> wrote:
>
> > On Wed, May 14, 2014 at 03:08 -0700, Vishak Muthukumar wrote:
> >
> >> I have a trace file which has a write request to write to coil 0.
> >> But when I monitor that trace file in my bro script, I cannot see the coil
> >> value. It says the size of the coil vector is empty.
> >
> > Iirc, the analyzer doesn't further extract coil values yet.
>
> I was unable to find traffic that dealt with coils so I left that out.
> Most of the infrastructure is in place however. Vishak, can we use the
> traffic you submitted in our test suite if it works out when we look at it?
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
--
Hui Lin
PhD Candidate, Research Assistant
Electrical and Computer Engineering Department
University of Illinois at Urbana-Champaign
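
The thread concerns coil values carried in a function code 15 (Write Multiple Coils) request. As an added example, not code from this thread or from Bro's Modbus analyzer, the following standalone Python sketch shows how those values are laid out in a Modbus/TCP frame and how to extract them with the consistency checks a monitor would want. The function and class names are hypothetical and the sample frame is constructed.

```python
import struct

WRITE_MULTIPLE_COILS = 0x0F   # function code 15
MAX_COILS = 0x07B0            # 1968, the protocol limit for one request


class ModbusParseError(ValueError):
    """Raised when a frame is not a well-formed FC15 request."""


def parse_write_multiple_coils(adu: bytes) -> dict:
    """Parse a Modbus/TCP Write Multiple Coils request.

    Returns the transaction id, unit id, start address and one bool per coil.
    """
    if len(adu) < 13:  # 7-byte MBAP header + 6-byte fixed part of the PDU
        raise ModbusParseError("truncated frame")
    tid, proto, length, unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0:
        raise ModbusParseError("protocol id is not 0 (not Modbus)")
    if length != len(adu) - 6:  # length field counts unit id + PDU
        raise ModbusParseError("MBAP length does not match frame size")
    func, start, quantity, byte_count = struct.unpack(">BHHB", adu[7:13])
    if func != WRITE_MULTIPLE_COILS:
        raise ModbusParseError(f"unexpected function code {func}")
    if not 1 <= quantity <= MAX_COILS:
        raise ModbusParseError("coil quantity out of range")
    # The declared byte count must agree with the quantity and the payload.
    data = adu[13:]
    if byte_count != (quantity + 7) // 8 or byte_count != len(data):
        raise ModbusParseError("byte count inconsistent with quantity")
    # Coils are packed LSB-first: bit 0 of byte 0 is the coil at `start`.
    coils = [bool(data[i // 8] >> (i % 8) & 1) for i in range(quantity)]
    return {"transaction": tid, "unit": unit, "start": start, "coils": coils}


# Constructed sample: write 10 coils starting at address 0x0013, data CD 01.
SAMPLE = bytes.fromhex("000100000009110f0013000a02cd01")

if __name__ == "__main__":
    req = parse_write_multiple_coils(SAMPLE)
    for offset, value in enumerate(req["coils"]):
        print(f"coil {req['start'] + offset}: {'ON' if value else 'OFF'}")
```
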