Zeek network security monitor plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards

5l1v3r1/zeek-plugin-enip

Zeek Plugin ENIP

When running as part of your Zeek installation, this plugin produces three log files containing metadata extracted from any Ethernet/IP (ENIP) and Common Industrial Protocol (CIP) traffic observed on UDP port 2222 and on TCP/UDP port 44818. Ethernet/IP and CIP are often observed together. cip.log and enip.log contain metadata from their respective protocols, while enip_list_identity.log contains additional data extracted from specific ENIP messages relating to device identity.
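
As an added illustration (not code from this plugin or its authors), the Python example below decodes the 24-byte ENIP encapsulation header that explicit messages on port 44818 begin with, and flags ListIdentity, the ENIP command that carries device identity. The header layout and command codes come from the public EtherNet/IP specification rather than from this page; the function name, dictionary keys and sample payloads are constructed for the example and are not the plugin's log fields.

```python
import struct

# ENIP encapsulation header, little-endian: command (2), length (2),
# session handle (4), status (4), sender context (8), options (4).
ENIP_HEADER = struct.Struct("<HHII8sI")

# Subset of encapsulation commands from the EtherNet/IP specification.
COMMANDS = {
    0x0004: "ListServices",
    0x0063: "ListIdentity",
    0x0064: "ListInterfaces",
    0x0065: "RegisterSession",
    0x0066: "UnRegisterSession",
    0x006F: "SendRRData",
    0x0070: "SendUnitData",
}

def parse_enip_header(payload: bytes) -> dict:
    """Decode the encapsulation header at the start of one ENIP message."""
    if len(payload) < ENIP_HEADER.size:
        raise ValueError("truncated ENIP header")
    command, length, session, status, context, options = \
        ENIP_HEADER.unpack_from(payload)
    # The length field counts only the bytes that follow the header.
    if length > len(payload) - ENIP_HEADER.size:
        raise ValueError("declared length exceeds captured data")
    return {
        "command": COMMANDS.get(command, f"unknown(0x{command:04x})"),
        "length": length,
        "session_handle": session,
        "status": status,
        "sender_context": context.hex(),
        "options": options,
        "is_identity": command == 0x0063,
    }

# Constructed sample payloads (hand-built for this example, not captured traffic).
LIST_IDENTITY_REQ = ENIP_HEADER.pack(0x0063, 0, 0, 0, b"\x00" * 8, 0)
REGISTER_SESSION_REQ = (
    ENIP_HEADER.pack(0x0065, 4, 0, 0, b"ctx00001", 0)
    + struct.pack("<HH", 1, 0)  # protocol version 1, option flags 0
)

if __name__ == "__main__":
    for sample in (LIST_IDENTITY_REQ, REGISTER_SESSION_REQ):
        print(parse_enip_header(sample))
```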

Installation and Usage

zeek-plugin-enip is distributed as a Zeek package and is compatible with the zkg command line tool.

Sharing and Contributing

This code is made available under the BSD-3-Clause license. Guidelines for contributing are available as well as a pull request template. A Dockerfile has been included in the repository to assist with setting up an environment for testing any changes to the plugin.

Acknowledgements

Languages

  • Zeek 69.4%
  • JavaScript 26.0%
  • C++ 2.5%
  • Dockerfile 0.9%
  • Makefile 0.6%
  • Shell 0.3%
  • CMake 0.3%