Hey Robin,
thanks for your answer. I will look through these files and see if I can
use this kind of reassembling.
> If with "payload" you mean the raw bytes, you would pass that as a
> string into the event. But it's hard to do much with raw data that in
> script-land. The common way would be
On Wed, May 02, 2018 at 22:22 +0200, you wrote:
> 1) Reassembling packets: Some S7CommPlus packets whose payload is over a
> certain amount of bytes will be split and need to be reassembled.
As a couple quick pointers, the DNP3 and DTLS analyzers face a similar
task, you might find some ideas
Hi there,
as a part of my master's thesis I'm going to write two analyzers which
will be able to detect S7Comm and S7CommPlus traffic used by Siemens PLCs.
Both protocols are proprietary, so I have no official documentation. The
goal is to monitor this kind of traffic and/or detect threats against