Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 21:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'modbus-fixes' of https://github.com/zambo99/zeek

Browse source 
* 'modbus-fixes' of https://github.com/zambo99/zeek:
  Prevent non-Modbus on port 502 to be reported as Modbus

(cherry picked from commit 4763282f36)
This commit is contained in:
Arne Welzel 2024-10-21 15:51:05 +02:00 committed by Tim Wojtulewicz
parent 300b7a11ac
commit 3ebe867193
9 changed files with 88 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

7
testing/btest/scripts/base/protocols/modbus/modbus_and_non_modbus_on_port_502.test Normal file
View file

@ -0,0 +1,7 @@
# @TEST-EXEC: zeek -r $TRACES/modbus/modbus-and-non-modbus-p502.pcap
# @TEST-EXEC: btest-diff conn.log
# @TEST-EXEC: btest-diff modbus.log
# @TEST-EXEC: btest-diff analyzer.log
# The pcap has non Modbus traffic (i.e., DCERPC, HTTP, Magellan, NFS, RDP, TLS) on TCP port 502.
# This traffic should not be labelled as Modbus in conn.log, and not generate any Modbus events.