  • Zeek’s suspend_processing Quirk With PCAPs

    In the comments of an earlier blog: … we found an interesting situation. Even when you call “suspend_processing” in zeek_init, like this: … Zeek will still process the first packet. The “new_connection” and “connection_state_remove” events will still fire for that first packet/connection. This is what the output looks like: ……


  • How To Profile A Zeek Spicy Protocol Analyzer

    This is a good page over at the Zeek Spicy Wiki on how to profile protocol analyzers: https://github.com/zeek/spicy/wiki/Performance-profiling-of-Spicy-parsers


  • Zeek Spicy IPSec Protocol Analyzer Update – v0.2.17

    An update in the protocol analyzer now makes it Zeek v5.2 ready. You can view more here: https://github.com/corelight/zeek-spicy-ipsec You can install the latest version with the following command:


  • My Zeek How-To Video Playlist

    Here is a playlist I put together of just my Zeek How-To videos:


  • Zeek Spicy OSPF Packet Analyzer Update – v0.1.4

    An update in the packet analyzer now makes it Zeek v5.2 ready. You can view more here: https://github.com/corelight/zeek-spicy-ospf You can install the latest version with the following command:


  • YouTube Video For How To Connect Zeek To Python Is Up!

    Here is a short video I put together to show how to pass PCAP data from Zeek through Python and back to Zeek. The original instructions I wrote can be found here: How To Connect Zeek To Python Subscribe and like if you would like to see more!


  • How To Connect Zeek To Python

    I was recently asked how to send data from Zeek to Python. After flipping through the Zeek Broker documentation I couldn’t find a good example to reference, so here is my example. The code for this demo is available here: https://github.com/keithjjones/zeek-python-broker-demo The first piece of our source code is the…
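As an added illustration of the two Broker posts above (this one and the earlier suspend_processing quirk), here is the Zeek side of a PCAP-driven Zeek to Python round trip. It is my own example, not code from the zeek-python-broker-demo repository or from either post. Everything below that is not on the page is an assumption: the topic names, the event names, the record type, and the Python peer, which is taken to listen on 127.0.0.1:9999 with a Broker endpoint, subscribe to /demo/to_python, and answer each Demo::conn_seen event with a Demo::conn_verdict event published on /demo/to_zeek.

```zeek
# Added example, not the demo repo's code. Zeek side of a Zeek <-> Python
# round trip over Broker while reading a PCAP.
# Assumed (not from the page): topics, event names, and a Python peer that
# listens on 127.0.0.1:9999, subscribes to /demo/to_python and replies to
# Demo::conn_seen with Demo::conn_verdict on /demo/to_zeek.
#
# Run as: zeek -r some.pcap broker_demo.zeek

module Demo;

export {
    ## Published to Python for every new connection in the PCAP.
    ## Broker sees the fully qualified name Demo::conn_seen.
    global conn_seen: event(uid: string, orig_h: addr, resp_h: addr, resp_p: port);
    ## Sent back by Python with its decision for that connection.
    global conn_verdict: event(uid: string, verdict: string);
}

# One connection observed before Python was peered (assumed helper type).
type Seen: record {
    uid: string;
    orig_h: addr;
    resp_h: addr;
    resp_p: port;
};

# T once Python has peered and packet processing has been resumed.
global peered = F;
# Connections seen while still suspended; flushed once peered.
global pending: vector of Seen = vector();

event zeek_init()
    {
    Broker::subscribe("/demo/to_zeek");
    Broker::peer("127.0.0.1", 9999/tcp);

    # Hold the PCAP until Python is connected; anything published before
    # peering has no subscriber and is silently dropped.
    suspend_processing();
    }

event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
    {
    peered = T;

    # Deliver whatever leaked through while we were suspended.
    for ( i in pending )
        {
        local s = pending[i];
        Broker::publish("/demo/to_python", conn_seen, s$uid, s$orig_h, s$resp_h, s$resp_p);
        }
    pending = vector();

    continue_processing();
    }

event new_connection(c: connection)
    {
    # The quirk from the suspend_processing post: this handler can fire for
    # the first packet of the PCAP even though processing is suspended.
    # Buffer it instead of publishing into the void.
    if ( ! peered )
        {
        print fmt("new_connection for %s fired while suspended; buffering", c$uid);
        pending[|pending|] = Seen($uid=c$uid, $orig_h=c$id$orig_h,
                                 $resp_h=c$id$resp_h, $resp_p=c$id$resp_p);
        return;
        }

    Broker::publish("/demo/to_python", conn_seen,
                    c$uid, c$id$orig_h, c$id$resp_h, c$id$resp_p);
    }

event conn_verdict(uid: string, verdict: string)
    {
    print fmt("python verdict for %s: %s", uid, verdict);
    }
```

Two things to keep in mind when running this against a PCAP: the exchange is asynchronous, so verdicts arrive after the connection events that triggered them, and Zeek terminates once the PCAP is exhausted, so answers still in flight for the last connections can be lost unless you delay shutdown. The buffering in the first-packet path is there because the suspended-but-still-fired first connection would otherwise never reach Python at all.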


  • Industrial Control Systems (ICS) PCAP Resources For Zeek And Wireshark

    In this video I walk through several resources to download ICS protocol PCAPs:


  • Understanding The Zeek Spicy Wireguard VPN Protocol Analyzer

    In this presentation I walk through every line of code in the open source Zeek Spicy Wireguard VPN protocol analyzer. It’s more fun than it sounds, honestly. Spicy documentation: https://docs.zeek.org/projects/spicy/en/latest/index.html Slides: https://docs.google.com/presentation/d/1LOCtYEr8cJ_DLqcjJoyUu1g7-iQbOjS45AnDjzknL7U/edit?usp=sharing


  • Anatomy Of A Zeek Spicy Protocol Analyzer

    This video will walk through all the important parts of a Zeek Spicy protocol analyzer.