base/protocols/dnp3/main.zeek

DNP3

A very basic DNP3 analysis script that just logs requests and replies.

Namespace: DNP3

Imports: base/protocols/conn/removal-hooks.zeek, base/protocols/dnp3/consts.zeek

Summary

Types

DNP3::Info: record

Redefinitions

Log::ID: enum

connection: record

New Fields: connection

dnp3: DNP3::Info &optional

likely_server_ports: set &redef

Events

DNP3::log_dnp3: event

Event that can be handled to access the DNP3 record as it is sent on to the logging framework.

Hooks

DNP3::finalize_dnp3: Conn::RemovalHook

DNP3 finalization hook.

DNP3::log_policy: Log::PolicyHook

Detailed Interface

Types

DNP3::Info
Type: record

ts: time &log

Time of the request.

uid: string &log

Unique identifier for the connection.

id: conn_id &log

Identifier for the connection.

fc_request: string &log &optional

The name of the function message in the request.

fc_reply: string &log &optional

The name of the function message in the reply.

iin: count &log &optional

The response’s “internal indication number”.

Events

DNP3::log_dnp3
Type: event (rec: DNP3::Info)

Event that can be handled to access the DNP3 record as it is sent on to the logging framework.
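One way to use this event for monitoring, as an added example that is not part of the Zeek distribution: raise a notice when a state-changing DNP3 request comes from a host that is not an approved master. The module name, notice type, address, and both sets are hypothetical, and the function-code names are assumed to match those defined in base/protocols/dnp3/consts.zeek.

```zeek
@load base/protocols/dnp3
@load base/frameworks/notice

module DNP3Watch;

export {
    redef enum Notice::Type += {
        ## A state-changing DNP3 request came from a host that is
        ## not listed in approved_masters.
        Unexpected_Control_Request,
    };

    ## Function-code names treated as state-changing (assumed to
    ## match the strings in consts.zeek; adjust for your site).
    const control_functions: set[string] = {
        "WRITE", "SELECT", "OPERATE", "DIRECT_OPERATE",
        "DIRECT_OPERATE_NR", "COLD_RESTART", "WARM_RESTART",
    } &redef;

    ## Hosts allowed to issue control requests (placeholder address).
    const approved_masters: set[addr] = { 192.0.2.10 } &redef;
}

event DNP3::log_dnp3(rec: DNP3::Info)
    {
    # fc_request is &optional, so check it before use.
    if ( ! rec?$fc_request )
        return;

    if ( rec$fc_request !in control_functions )
        return;

    if ( rec$id$orig_h in approved_masters )
        return;

    local reply = rec?$fc_reply ? rec$fc_reply : "none";

    NOTICE([$note=Unexpected_Control_Request,
            $msg=fmt("DNP3 %s from unapproved host %s to %s (reply: %s)",
                     rec$fc_request, rec$id$orig_h, rec$id$resp_h, reply),
            $uid=rec$uid, $id=rec$id,
            # Suppress repeats of the same host pair and function.
            $identifier=cat(rec$id$orig_h, rec$id$resp_h, rec$fc_request)]);
    }
```

Because the handler reads only the fields of DNP3::Info, the notice carries the same uid as the dnp3.log entry and can be joined against it.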

Hooks

DNP3::finalize_dnp3
Type: Conn::RemovalHook

DNP3 finalization hook. Remaining DNP3 info may get logged when it’s called.

DNP3::log_policy
Type: Log::PolicyHook