VRRP/CARP Packet Analyser

Andrew_Klaus · April 13, 2019, 7:14am

Hello,

In my weird.log, I’ve noticed unknown_protocol_112 showing up regularly for me. I believe this to be the Virtual Router Redundancy Protocol (VRRP), which does match up with CARP that’s enabled on our OpenBSD firewalls.

Before I start looking further, has anyone built a parser for Zeek already? If not, I’ll start reading the protocol spec and seeing if I’m able to write one. I believe it to be useful to have the protocol analyzed for noticing any anomalies, etc.

Thanks!
Andrew

seth · April 18, 2019, 2:30am

I haven't heard of anyone working on this fwiw. Feel free to reach out again if you need help with anything!

.Seth

Topic		Replies	Views
BGP/RSVP/OSPF Zeek	7	279	May 6, 2022
Additional Industrial Control Systems Protocols Development development	3	163	May 6, 2022
Modbus protocol event handler for Bro Zeek	2	102	May 6, 2022
Noise Protocol Framework. Zeek	2	115	May 6, 2022
icmp and bro Zeek	1	102	May 6, 2022

VRRP/CARP Packet Analyser

Related topics