Diffstat (limited to 'script/README')
-rw-r--r-- script/README 9
1 files changed, 9 insertions, 0 deletions
diff --git a/script/README b/script/README
new file mode 100644
index 0000000..15f121e
--- /dev/null
+++ b/script/README
@@ -0,0 +1,9 @@
+This directory contains a baseline implementation of the package parser
+implemented as a Bro script. A .bro file contains a script that can be
+executed on a Modbus pcap dump. A .log file contains an example for an
+output file generated by this script. By convention, the sample log file
+should contain the first 100 lines of a real log file obtained from running
+the script on packets_00014_20161128135616.cap.
+
+Currently, the scripts only handle the read_holding_registers event. Other
+events can handled by simply copying and adapting the existing handlers.
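Review bot: the last added line, "events can handled by simply copying", is missing a word and should read "can be handled". In the first added line, "package parser" looks like it should be "packet parser", given that the script runs on a Modbus pcap dump. The README also names packets_00014_20161128135616.cap as the source of the sample log without saying where that capture is kept or how the .bro script is run against it. A short note on the file's location and the command used would make the sample .log reproducible. Finally, recommending that new events be added by copying the existing handlers will duplicate logic across handlers; consider stating which parts are meant to be shared.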