[Zeek] VRRP/CARP Packet Analyser
Andrew Klaus
andrew at aklaus.ca
Sat Apr 13 00:14:36 PDT 2019
Hello,
In my weird.log, I've noticed unknown_protocol_112 showing up regularly for
me. I believe this to be the Virtual Router Redundancy Protocol (VRRP),
which does match up with CARP that's enabled on our OpenBSD firewalls.
Before I start looking further, has anyone built a parser for Zeek already?
If not, I'll start reading the protocol spec and seeing if I'm able to
write one. I believe it to be useful to have the protocol analyzed for
noticing any anomalies, etc.
Thanks!
Andrew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190413/d84fba0e/attachment.html
More information about the Zeek
mailing list