It stands for "protocol independent analysis" and refers to Zeek's
ability to analyze application-layer protocols on top of TCP/UDP
independent of their ports. The PIA is the component that figures out
which protocol analyzer to use for a given session.

This is not related to packet level analysis. For that, the upcoming
Zeek 4.0 introduces a new notion of "packet analyzers", see
On Thu, Dec 10, 2020 at 01:22 +0000, Brett D. Rasmussen via zeek wrote:
Does anyone have any additional documentation for the Zeek::PIA plugin?
What does "PIA" stand for?
There are two plugin instantiations within the plugin code, i.e.
The plugin's 'description' field says: "Analyzers implementing
Are these for packet level analysis (i.e. OSI Layer 2 protocols)
Cyber Security Researcher
Supporting the DHS CIOCC Advanced Analytical Lab
Phone: (208) 526-5486
Fax: (208) 526-6173
Robin Sommer * Corelight, Inc. * robin(a)corelight.com * www.corelight.com