Proposal to remove the finger protocol analyzer

(For some additional context, please see:

I’d like to remove the finger analyzer from core Zeek. The analyzer that’s in place today is incomplete, untested, and is showing its age. It’s not enabled by default, and the functionality to use it is not in Zeek. As such, I’m proposing that it’s simply removed, and not deprecated first.

If you rely on this analyzer today, and feel strongly about it staying, please let me know. I’d be interested in hearing your use-case(s) and working on bringing it out of its current state of purgatory, perhaps as a plug-in.

Lovers of ancient protocols should fear not, however, as I plan on adding a whois protocol analyzer. The two protocols are closely related, and whois could be a complete analyzer, with tests. In addition, whois seems more operationally useful today, as we see attackers running it on once they gain a foothold, and more tech-savvy users will run it after receiving a suspicious e-mail.

Many thanks,


Seems reasonable to me.