mirror of
https://github.com/zeek/zeek.git
synced 2025-10-14 04:28:20 +00:00
45f1b89f60
Includes a bit more docs/comments cleanup. We should eventually document the events further but it should suffice for now. * topic/robin/dnp3-merge-v3: Tiny bit of cleanup and adapting the new test. added a test case for dnp3 packets with only link layer added condition to check DNP3 packet without app layer data Fixing well-known port. Pluginizing the DNP3 analyzer, plus a basic script logging requests and replies.
12 lines
553 B
Text
12 lines
553 B
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path dnp3
|
|
#open 2013-08-12-18-24-00
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fc_request fc_reply iin
|
|
#types time string addr port addr port string string count
|
|
1325043635.216629 UWkUyAuUGXf 130.126.142.250 50300 130.126.140.229 20000 OPEN_FILE RESPONSE 0
|
|
1325043637.790287 UWkUyAuUGXf 130.126.142.250 50300 130.126.140.229 20000 WRITE RESPONSE 0
|
|
1325043638.820071 UWkUyAuUGXf 130.126.142.250 50300 130.126.140.229 20000 CLOSE_FILE RESPONSE 0
|
|
#close 2013-08-12-18-24-00
|