Tag: pcaps

Zeek’s suspend_processing Quirk With PCAPs

March 21, 2023

In the comments of an earlier blog: … we found an interesting situation. Even when you call “suspend_processing” in zeek_init, like this: … Zeek will still process the first packet. The “new_connection”…
Industrial Control Systems (ICS) PCAP Resources For Zeek And Wireshark

March 10, 2023

In this video I walk through several resources to download ICS protocol PCAPs:

Zeek’s suspend_processing Quirk With PCAPs