[Zeek] VRRP/CARP Packet Analyser
Seth Hall
seth at corelight.com
Wed Apr 17 19:30:46 PDT 2019
On 13 Apr 2019, at 3:14, Andrew Klaus wrote:
> In my weird.log, I've noticed unknown_protocol_112 showing up
> regularly for
> me. I believe this to be the Virtual Router Redundancy Protocol
> (VRRP),
> which does match up with CARP that's enabled on our OpenBSD firewalls.
>
> Before I start looking further, has anyone built a parser for Zeek
> already?
I haven't heard of anyone working on this fwiw. Feel free to reach out
again if you need help with anything!
.Seth
--
Seth Hall * Corelight, Inc * www.corelight.com
More information about the Zeek
mailing list