Zeek network security monitor plugin that enables parsing of the Ethernet/IP and Common Industrial Protocol standards
Latest commit 854aeda Oct 21, 2019

Zeek Plugin ENIP

When running as part of your Zeek installation, this plugin produces three log files containing metadata extracted from any Ethernet/IP (ENIP) and Common Industrial Protocol (CIP) traffic observed on UDP port 2222 and TCP/UDP port 44818. Ethernet/IP and CIP are often observed together. cip.log and enip.log contain metadata from their respective protocols, while enip_list_identity.log contains additional data extracted from specific ENIP messages relating to device identity.

Installation and Usage

zeek-plugin-enip is distributed as a Zeek package and is compatible with the zkg command line tool.

Sharing and Contributing

This code is made available under the BSD-3-Clause license. Guidelines for contributing are available as well as a pull request template. A Dockerfile has been included in the repository to assist with setting up an environment for testing any changes to the plugin.

Acknowledgements
