Move files from bro-script directory

author: Andreas Lindhé <andreas@lindhe.io> 2017-10-11 08:47:50 +0200
committer: Andreas Lindhé <andreas@lindhe.io> 2017-10-11 08:47:50 +0200
commit: da9544a4dba273d1cada460f3064d9e1ff21b44e (patch)
tree: a4280500e713216b49fdd46786f30eee3d60adb8 /broccoli/script/README
parent: 89ea70298caff759b719ab0855ad2cd48dfee0ca (diff)
download: midbro-da9544a4dba273d1cada460f3064d9e1ff21b44e.tar.gz
midbro-da9544a4dba273d1cada460f3064d9e1ff21b44e.tar.bz2
1 files changed, 9 insertions, 0 deletions
diff --git a/broccoli/script/README b/broccoli/script/README
new file mode 100644
index 0000000..15f121e
--- /dev/null
+++ b/broccoli/script/README
@@ -0,0 +1,9 @@
+This directory contains a baseline implementation of the package parser
+implemented as a Bro script.  A .bro file contains a script that can be
+executed on a Modbus pcap dump.  A .log file contains an example for an
+output file generated by this script.  By convention, the sample log file
+should contain the first 100 lines of a real log file obtained from running
+the script on packets_00014_20161128135616.cap.
+
+Currently, the scripts only handle the read_holding_registers event.  Other
+events can handled by simply copying and adapting the existing handlers.
author	Andreas Lindhé <andreas@lindhe.io>	2017-10-11 08:47:50 +0200
committer	Andreas Lindhé <andreas@lindhe.io>	2017-10-11 08:47:50 +0200
commit	da9544a4dba273d1cada460f3064d9e1ff21b44e (patch)
tree	a4280500e713216b49fdd46786f30eee3d60adb8 /broccoli/script/README
parent	89ea70298caff759b719ab0855ad2cd48dfee0ca (diff)
download	midbro-da9544a4dba273d1cada460f3064d9e1ff21b44e.tar.gz midbro-da9544a4dba273d1cada460f3064d9e1ff21b44e.tar.bz2