Hello Zeek Devs,
I would like to write a protocol analyzer and need some direction. I would like to write something simple which works on TCP, similar to the ConnSize analyzer. I would like my analyzer to be distributed as a plugin, similar to MITRE's HTTP2 analyzer, so I am following the docs here:
However, the docs don't detail much beyond creating a built-in function. A colleague pointed me at this quickstart script for binpac:
The quickstart script seems to be intended for writing a protocol analyzer which gets merged into the Zeek source. This is not how plugins operate.
I'm looking for some guidance on how to proceed. Thanks in advance.