Live capture configuration

I’m trying to set up my ZEEK system to do both MODBUS and DNP3 live capture on the network. When I include the following statements in my local.zeek file, it fails on deployment with the error “fatal error in …/…/…/local.zeek. Can’t find protocols/modbus/software”.

Here are my load statements in local.zeek:

@load protocols/modbus/software
@load protocols/dnp3/software

Any suggestions or examples of configurations for live capture for these two protocols?

Any help would be greatly appreciated!

Those scripts don’t actually exist; only a few protocols have the ‘software’ scripts:

scripts/policy/protocols/ftp/software.zeek
scripts/policy/protocols/ssh/software.zeek
scripts/policy/protocols/http/software-browser-plugins.zeek
scripts/policy/protocols/http/software.zeek
scripts/policy/protocols/smtp/software.zeek
scripts/policy/protocols/mysql/software.zeek
scripts/policy/protocols/dhcp/software.zeek

The default scripts/base/init-default.zeek already contains the @load statements for the base dnp3 and modbus scripts:

@load base/protocols/dnp3
@load base/protocols/modbus

so you shouldn’t have to do any configuration to analyze these protocols.
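
An added example, not part of the thread above or of Zeek itself: a pre-deployment check that resolves each @load line in local.zeek against the script directories, so a missing target such as protocols/modbus/software is caught before deploying. The function names and the miniature script tree are constructed for illustration, and the search order (script root, then policy/, then site/) is an assumption modelled on Zeek's default script layout; relative (./) targets and targets with an explicit file extension are not handled.

```python
import re
import tempfile
from pathlib import Path

LOAD_RE = re.compile(r"^\s*@load\s+(\S+)")  # plain @load only, not @load-sigs etc.

def resolve_load(target, search_dirs):
    """Return the path an @load target resolves to, or None if nothing matches."""
    for d in search_dirs:
        base = Path(d) / target
        script = base.with_name(base.name + ".zeek")
        if script.is_file():                      # e.g. policy/protocols/ftp/software.zeek
            return script
        if (base / "__load__.zeek").is_file():    # package directory, e.g. base/protocols/dnp3
            return base
    return None

def check_loads(site_file, search_dirs):
    """Map every @load target in site_file to its resolved path (None = missing)."""
    results = {}
    for line in Path(site_file).read_text().splitlines():
        m = LOAD_RE.match(line.split("#", 1)[0])  # ignore trailing comments
        if m:
            results[m.group(1)] = resolve_load(m.group(1), search_dirs)
    return results

def demo():
    """Build a constructed miniature script tree and check a sample local.zeek."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("base/protocols/dnp3/__load__.zeek",
                    "base/protocols/modbus/__load__.zeek",
                    "policy/protocols/ftp/software.zeek"):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text("# constructed placeholder\n")
        site = root / "site" / "local.zeek"
        site.parent.mkdir()
        site.write_text("@load protocols/modbus/software\n"
                        "@load protocols/dnp3/software\n"
                        "@load protocols/ftp/software  # exists under policy/\n"
                        "@load base/protocols/modbus\n")
        found = check_loads(site, [root, root / "policy", root / "site"])
        return {t: p is not None for t, p in found.items()}

if __name__ == "__main__":
    for target, ok in demo().items():
        print(("ok      " if ok else "MISSING ") + target)
```

To run it against a real installation, pass the actual local.zeek path and the installation's script directories to check_loads instead of the constructed tree.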