Hello Zeek Devs,

I would like to write a protocol analyzer and need some direction. I would like to write something simple which works on TCP, similar to the ConnSize analyzer. I would like my analyzer to be distributed as a plugin, similar to MITRE's HTTP2 analyzer, so I am following the docs here: https://docs.zeek.org/en/stable/devel/plugins.html
However, the docs don't detail much beyond creating a built-in function. A colleague pointed me at this quickstart script for binpac: https://github.com/grigorescu/binpac_quickstart

The quickstart script seems to be intended for writing a protocol analyzer which gets merged into the Zeek source. This is not how plugins operate. I'm looking for some guidance on how to proceed.

Thanks in advance.

-AK
_______________________________________________
zeek-dev mailing list
zeek-dev@zeek.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek-dev