[Bro-Dev] S7Comm/S7CommPlus Analyzer

2018-09-23 Thread DW
Hi there,

as a part of my master's thesis I wrote a protocol analyzer for the 
Siemens protocols S7Comm and S7CommPlus.

I posted the code on my GitHub repository, which can be seen here:

https://github.com/dw2102/S7Comm-Analyzer

The S7Comm nearly covers all protocol functions and was tested on .pcap 
files I generated with a Siemens S7-1204 and other files which I found 
on other GitHub repositories.
The S7CommPlus analyzer isn't finished yet. It covers all base 
functions, but without handling the data of the packets. There is a lot 
to do, like fragmentation, parsing of data, testing, etc., which I 
couldn't do because it would have exceeded my time limit.

Feel free to use, modify or share it.

Dane

___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev


[Bro-Dev] Overload Bro Events

2018-04-12 Thread DW
Hello,

Is it possible to overload events in Bro based on the event parameters 
and trigger the "right" event based on the given parameters?

E.g. I would define events like this

event overload%(c: connection%);
event overload%(c: connection, h: header%);
event overload%(c: connection, h: header, d: data%);
...

In the protocol parser source:

...
// Pick the event handler and build its argument list from the message
// type; each case appends exactly the values that overload takes
// (header and data are assumed to be Val* objects built earlier).
EventHandlerPtr ev = overload;
val_list* vl = new val_list();

switch(type) {
     case 1:
         vl->append(BuildConnVal());
         break;
     case 2:
         vl->append(BuildConnVal());
         vl->append(header);
         break;
     case 3:
         vl->append(BuildConnVal());
         vl->append(header);
         vl->append(data);
         break;
}
// Queue the event with the connection as its context.
ConnectionEvent(ev, vl);


Dane
