Hi Jeff,

I think the master branch should contain what we wrote before. I ran some simple DNP3 test cases included in Bro from the master branch and I do see the simple printout message.

Does running your pcap generate any error message? Do you mind sharing the trace that you are using for me to take a look at what is going on?

Best,

Hui Lin

On Tue, Feb 9, 2016 at 3:04 PM, Jeff Barber <[email protected]> wrote:

> Hi
>
> I'm trying to use bro for decoding DNP3 traffic and following the logic
> through its parser to the various dnp3_xxx events. (The documentation on
> how to use the DNP3 events is a bit light but I think I understand what's
> happening.) When I try to follow the request objects logic (e.g. as you
> might get from a DNP3 write command), I can't see how they're getting
> output to the bro script layer at all. Most of them seem to simply dead-end
> in the parser with no event generated.
>
> I spent a little while looking through the bro branches and came across a
> branch called topics/hui/dnp3-events that _seems_ to have support for a
> bunch of additional objects. It was last worked on in February 2014 but I
> can't find any hint of it in the master branch.
>
> Just wondering if anyone can clarify. Am I misunderstanding how it works?
> Or did the code in dnp3-events branch get lost? Or was it never merged? Or
> never completed?
>
> Thanks!
>
> Addressing to Hui Lin but also including bro-dev in case someone else
> knows the history.
>
>

--
Hui Lin
PhD Candidate (http://hlin33.web.engr.illinois.edu/)
DEPEND (http://depend.csl.illinois.edu/)
ECE, Uni. of Illinois at Urbana-Champaign
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
