That may be the most compact tutorial on writing a protocol analyzer
On Wed, Mar 13, 2019 at 09:16 -0600, anthony kasza wrote:
Hello Zeek Devs,
I would like to write a protocol analyzer and need some direction. I would
like to write something simple which works on TCP, similar to the ConnSize
analyzer. I would like my analyzer to be distributed as a plugin, similar
to MITRE's HTTP2 analyzer, so I am following the docs here:
However, the docs don't detail much beyond creating a built-in function. A
colleague pointed me at this quickstart script for binpac:
The quickstart script seems to be intended for writing a protocol analyzer
which gets merged into the Zeek source. This is not how plugins operate.
I'm looking for some guidance on how to proceed. Thanks in advance.
zeek-dev mailing list
Robin Sommer * Corelight, Inc. * robin(a)corelight.com *