🐛 Summary
When I run a PCAP through the Zeek command, it parses the pcap and creates the logs as intended. However, when I use a packet replay tool to play the packets over a monitored interface, it does not parse the pcap. I can see the PCAP on the interface with Wireshark, and Wireshark parses it correctly. I can also see the traffic in Conn.logs, but never get the parsed logs outputted. Zeek shows that the scripts loaded. I do not know if this is just a capability/functionality issue, or if this is an actual bug. It is also possible that it is specific to only replayed packets. I do not have actual live ICS traffic that I can monitor, so I need to make sure that it does in fact work at parsing live traffic.