NothinRandom
@duffy-corelight, currently no services/messages on layer 2 have been implemented yet since Zeek doesn't exactly expose a good interface to handle this. The closest example is from ARP, but I...
@duffy-corelight, thank you for providing this insight! I'll start by updating the [enumeration](https://github.com/amzn/zeek-plugin-bacnet/blob/master/scripts/consts.zeek#L15). Do you also know the data structure of messages 6-8? I found this on the BACnet website,...
@duffy-corelight, adding this to our next commit sometime this week
@duffy-corelight, it would really help if you also have pcaps for verification
@duffy-corelight, looking through code and various test pcaps. I do see these pop up. By "implemented", is it safe to assume that you mean parsing? If so, then pcaps would...
@duffy-corelight, [latest update](https://github.com/amzn/zeek-plugin-bacnet/commit/4f91d6a9fd1ec24b2e10216cbbab8081774d4686#diff-e971e4317e8e746322cff8d24b0eff78R130-R162) partially addresses this issue. Like the others, I'll let the customer close the issue if deemed as satisfied. Edit: output looks like ``` #fields ts uid id.orig_h...
@duffy-corelight, [latest update](https://github.com/amzn/zeek-plugin-bacnet/commit/4f91d6a9fd1ec24b2e10216cbbab8081774d4686#diff-e971e4317e8e746322cff8d24b0eff78R140-R153) and [enumeration](https://github.com/amzn/zeek-plugin-bacnet/commit/4f91d6a9fd1ec24b2e10216cbbab8081774d4686#diff-8094a7ea22d46514e43245efe7863d8eR764-R793) address this issue. Like the others, I'll let the customer close the issue if deemed as satisfied.
@duffy-corelight, I don't mind discussing it here at all. For both inquiries, this was done so because those are the items that were noticed often in our traffic. I took...
@duffy-corelight, it was because we didn't see traffic that contained the missing datatypes, so it was deemed safer to exclude them just in case incorrect parsing could have crashed Zeek.
@duffy-corelight, [latest update](https://github.com/amzn/zeek-plugin-bacnet/commit/4f91d6a9fd1ec24b2e10216cbbab8081774d4686#diff-e971e4317e8e746322cff8d24b0eff78R140-R144) addresses this issue. Like the others, I'll let the customer close the issue if deemed as satisfied.