[Zeek] New Analyzer

Aaron Heller deltah24 at gmail.com
Tue Jul 9 18:44:35 PDT 2019


Hi everyone,
I'm working on a BACnet protocol analyzer for Zeek and am having problems
getting the analyzer to fire.  I've been working with Zeek version 2.6.2
and the analyzer was created using binpac_quickstart.

BACnet is a UDP-based building automation and control protocol (think
furnaces, security/access systems, lighting, etc.).

Not sure what info would be most helpful, if anyone is willing to lend some
insight as to why the analyzer isn't firing off? The analyzer is supposed to
be signature-based and bro -N shows it as built-in and active.  If the bro -s
option is used to specify the signature file then the analyzer will fire
off appropriately, but I'm looking for it to auto-magically be included in
the UDP analyzer tree.

Greatly appreciate any help or thoughts on where to look first,
Aaron
