[Zeek] VRRP/CARP Packet Analyser

Seth Hall seth at corelight.com
Wed Apr 17 19:30:46 PDT 2019


On 13 Apr 2019, at 3:14, Andrew Klaus wrote:

> In my weird.log, I've noticed unknown_protocol_112 showing up 
> regularly for
> me. I believe this to be the Virtual Router Redundancy Protocol 
> (VRRP),
> which does match up with CARP that's enabled on our OpenBSD firewalls.
>
> Before I start looking further, has anyone built a parser for Zeek 
> already?

I haven't heard of anyone working on this fwiw.  Feel free to reach out 
again if you need help with anything!

   .Seth

--
Seth Hall * Corelight, Inc * www.corelight.com


More information about the Zeek mailing list