mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
cbb31cedc3
* origin/topic/dina/modbus: put some make-up on Modbus analyser Modbus analyser, added support: FC=20,21 Modbus analyzer,added support: FC=1,2,15,24 Modbus analyzer, current support: FC=3,4,5,6,7,16,22,23 I cleaned up the code a bit, mainly layout style. I did not include the *.bro scripts for now, but a test script ../testing/btest/scripts/base/protocols/modbus/events.bro that prints out the value for each event. Merged the Modbus traces from the ics repository into a single trace as input for the test. They currently trigger 20 of the 34 events. Addresses #870.
12 lines
382 B
Text
12 lines
382 B
Text
##! Base Modbus analysis script. For now it does not do anything else than
|
|
##! activating the analyzer for connections on Modbus port 502/tcp.
|
|
|
|
module Modbus;
|
|
|
|
export {
|
|
}
|
|
|
|
# Configure DPD and the packet filter.
|
|
redef capture_filters += { ["modbus"] = "tcp port 502" };
|
|
redef dpd_config += { [ANALYZER_MODBUS] = [$ports = set(502/tcp)] };
|
|
redef likely_server_ports += { 502/tcp };
|