Zeek-Parser-CCLinkFieldBasic is a Zeek plug-in that can analyze CC-Link IE Field Basic of the CC-Link family.
This plug-in is provided as a package for the Zeek Package Manager.
It can be installed by executing the commands below.
```
zkg refresh
zkg install zeek-parser-CCLinkFieldBasic
```
Before using this plug-in, please make sure Zeek and Spicy have been installed.
```
# Check Zeek
~$ zeek -version
zeek version 5.0.0
# Check Spicy
~$ spicyz -version
1.3.16
~$ spicyc -version
spicyc v1.5.0 (d0bc6053)
# The path of zeek in this manual is based on the following output
~$ which zeek
/usr/local/zeek/bin/zeek
```
Use `git clone` to get a copy of this repository to your local environment.
```
~$ git clone https://github.com/nttcom/zeek-parser-CCLinkFieldBasic.git
```
`cclink-ief-basic.log` will be generated by the command below:
```
zeek -Cr /usr/local/zeek/var/lib/zkg/clones/package/zeek-parser-CCLinkFieldBasic/testing/Traces/cclink_ief_basic_only.pcap zeek-parser-CCLinkFieldBasic
```
Compile source code and copy the object files to the following path.
```
~$ cd ~/zeek-parser-CCLinkFieldBasic/analyzer
~$ spicyz -o cc_link_basic.hlto cc_link_basic.spicy cc_link_basic.evt
~$ # cc_link_basic.hlto will be generated
~$ cp cc_link_basic.hlto /usr/local/zeek/lib/zeek-spicy/modules/
```
Then, copy the Zeek script to the following path.
```
~$ cd ~/zeek-parser-CCLinkFieldBasic/scripts/
~$ cp main.zeek /usr/local/zeek/share/zeek/site/cc_link_basic.zeek
```
Finally, import the Zeek plugin.
```
~$ tail /usr/local/zeek/share/zeek/site/local.zeek
... Omit ...
@load cc_link_basic
```
This plug-in generates a `cclink-ief-basic.log` by the command below:
```
~$ cd ~/zeek-parser-CCLinkFieldBasic/testing/Traces
~$ zeek -Cr cclink_ief_basic_only.pcap /usr/local/zeek/share/zeek/site/cc_link_basic.zeek
```
This plug-in monitors all functions of mydhcp and outputs them as `cclink-ief-basic.log`.
Field | Type | Description |
---|---|---|
ts | time | timestamp of the first communication |
uid | string | unique ID for this connection |
id.orig_h | addr | source IP address |
id.orig_p | port | source port number |
id.resp_h | addr | destination IP address |
id.resp_p | port | destination port number |
pdu | string | protocol function name |
cmd | string | cyclic or - |
number | int | number of packet occurrence |
ts_end | time | timestamp of the last communication |
An example of `cclink-ief-basic.log` is as follows:
```
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path cclink-ief-basic
#open 2023-05-27-00-52-06
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p pdu cmd number ts_end
#types time string addr port addr port string string int time
1655284124.953994 CIAp8bugKIZRVpAYk 172.16.134.129 61450 172.16.134.128 61450 cyclicDataRes - 222 1655284149.499713
1655284124.859924 Ckkc3929guO41BnpSa 172.16.134.128 61450 172.16.134.255 61450 cyclicDataReq cyclic 222 1655284149.392238
#close 2023-05-27-00-52-06
```
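The log described above can be post-processed for monitoring. The following is an added example (not part of the plug-in or its repository) that reads the Zeek TSV header, types each column, and derives the observation window and mean packet rate per record. The function names are hypothetical, the sample is constructed from the two records above, and it assumes `number` counts the packets seen between `ts` and `ts_end`.

```python
# Constructed sample: header lines and the two records from the example log above.
FIELDS = "ts uid id.orig_h id.orig_p id.resp_h id.resp_p pdu cmd number ts_end"
TYPES = "time string addr port addr port string string int time"
RECORDS = [
    "1655284124.953994 CIAp8bugKIZRVpAYk 172.16.134.129 61450 172.16.134.128 61450 cyclicDataRes - 222 1655284149.499713",
    "1655284124.859924 Ckkc3929guO41BnpSa 172.16.134.128 61450 172.16.134.255 61450 cyclicDataReq cyclic 222 1655284149.392238",
]
SAMPLE_LOG = "\n".join(
    ["#separator \\x09", "#unset_field\t-"]
    + [s.replace(" ", "\t") for s in ("#fields " + FIELDS, "#types " + TYPES, *RECORDS)]
)

CASTS = {"time": float, "int": int, "port": int}  # other Zeek types stay strings


def parse_zeek_log(text):
    """Return one dict per record, typed according to the #types header."""
    meta, rows, sep = {}, [], "\t"
    for line in text.splitlines():
        if line.startswith("#separator"):
            # The header value is an escaped literal such as \x09.
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#"):
            key, *vals = line[1:].split(sep)
            meta[key] = vals
        elif line:
            cols = line.split(sep)
            if len(cols) != len(meta["fields"]):
                raise ValueError(f"column count mismatch: {line!r}")
            unset = meta.get("unset_field", ["-"])[0]
            rows.append({f: None if v == unset else CASTS.get(t, str)(v)
                         for f, v, t in zip(meta["fields"], cols, meta["types"])})
    return rows


def summarize(rows):
    """Add observation window (ts_end - ts) and mean packet rate per record."""
    out = []
    for r in rows:
        window = r["ts_end"] - r["ts"]
        rate = round(r["number"] / window, 2) if window > 0 else None
        out.append({"src": r["id.orig_h"], "dst": r["id.resp_h"], "pdu": r["pdu"],
                    "cmd": r["cmd"], "packets": r["number"],
                    "window_s": round(window, 3), "pkts_per_s": rate})
    return out


if __name__ == "__main__":
    for row in summarize(parse_zeek_log(SAMPLE_LOG)):
        print(row)
```

A baseline of these per-record rates gives a reference point for spotting a station whose cyclic traffic stops or changes pace.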
This plug-in is used by OsecT.