[Zeek] R: ntp protocol analyzer

Palumbo Mauro mauro.palumbo at aizoon.it
Mon May 27 00:35:26 PDT 2019


Ok, thanks for the feedback. I’ll have a look at that. I need to get something working soon. But I’ll keep everybody posted about what I can do about this analyzer.

Mauro

From: Vlad Grigorescu [mailto:vlad at es.net]
Sent: Sunday, May 26, 2019 14:30
To: Seth Hall <seth at corelight.com>
Cc: Palumbo Mauro <mauro.palumbo at aizoon.it>; zeek at zeek.org
Subject: Re: [Zeek] ntp protocol analyzer

There's some work in branch topic/vladg/ntp<https://github.com/zeek/zeek/compare/topic/vladg/ntp>, but that's incomplete and ~3 years old.

  --Vlad


On Sat, May 25, 2019 at 4:26 AM Seth Hall <seth at corelight.com> wrote:
No one is working on it that I know of and it's written in C++ because it's older.  I think at some point I rewrote it in binpac but I suspect that has been lost to the sands of time at this point.  A couple of years ago I think some others were working on ntp related stuff but I don't know if that went anywhere.

If you're up for it, feel free to take on the ntp analyzer and rehab it!

  .Seth
--
Seth Hall * Corelight, Inc * www.corelight.com


On May 24, 2019, at 4:29 AM, Palumbo Mauro <mauro.palumbo at aizoon.it> wrote:
Hi Zeek’s devs,
  I am interested in an analyzer for the NTP protocol. I have seen that there is one in Zeek, but it doesn’t really parse all fields in detail. Is anyone working on extending the present analyzer? Would it be of interest for the community to do so?
Is there any reason why the present analyzer is written in C++ rather than binpac?

Thanks,
Mauro
_______________________________________________
Zeek mailing list
zeek at zeek.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek