From bc5ecd6da7f068a12b9ee5397178723481c7a3ea Mon Sep 17 00:00:00 2001 From: Andreas Lindhé Date: Tue, 31 Oct 2017 08:33:46 +0100 Subject: Move all files one level down --- script/README | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 script/README (limited to 'script/README') diff --git a/script/README b/script/README new file mode 100644 index 0000000..15f121e --- /dev/null +++ b/script/README @@ -0,0 +1,9 @@ +This directory contains a baseline implementation of the package parser +implemented as a Bro script. A .bro file contains a script that can be +executed on a Modbus pcap dump. A .log file contains an example for an +output file generated by this script. By convention, the sample log file +should contain the first 100 lines of a real log file obtained from running +the script on packets_00014_20161128135616.cap. + +Currently, the scripts only handle the read_holding_registers event. Other +events can handled by simply copying and adapting the existing handlers. -- cgit v1.2.3
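Review bot: The last added line of script/README reads "Other events can handled by", which is missing "be", and "package parser" in the first added line looks like it should be "packet parser", since the script runs on a Modbus pcap dump. The README also names packets_00014_20161128135616.cap as the source of the sample log but does not say where that capture is stored or which command produces the log, so a reader cannot regenerate or check the .log file; consider adding both. Because the scripts only handle read_holding_registers, it would help to state next to the sample-log convention that other Modbus events in a capture are not covered, so the log is not read as a complete record of the traffic.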