cisagov / icsnpp-bacnet

Zeek BACnet Parser - CISA ICSNPP
BSD 3-Clause "New" or "Revised" License

NSDU Network Layer Message Logging #24

Closed jcyprus closed 1 year ago

jcyprus commented 1 year ago

Feature Request

Give the parser the ability to explicitly log network layer messages from the NSDU.

Feature Context

The BACnet protocol Network Service Data Unit (NSDU) has two main message types. The first is the Application Protocol Data Unit (APDU) which is currently being explicitly logged by the parser. The second is a network layer message that primarily controls the routing behavior of BACnet devices. These packets are not currently being explicitly logged, which leads either to events being dropped or logged as their closest equivalent APDU counterpart (for example, the network layer message I-Am-Router-To-Network is currently being logged as an APDU I-am event).

Feature Value Add

This feature would be useful for parser users because it would enable them to more accurately interpret their router network data and the relationship between their devices and network flows. Because these events are primarily concerned with device routing behavior, users could leverage these Zeek packets to determine which devices can communicate and the relationship between these devices and the router. Overall, this change could make network topologies easier to map.

Links

http://bacnetwiki.com/wiki/index.php?title=Network_Layer_Message_Type
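To make the distinction the issue describes concrete, the following Python parser is an added example, not code from the icsnpp-bacnet project or from the issue's authors. It reads a BACnet NPDU, checks bit 7 of the control octet to tell a network layer message from an APDU, and decodes the network-number list carried by I-Am-Router-To-Network and its siblings, so an I-Am-Router-To-Network is reported under its own name rather than as an APDU I-Am. The field layout follows the NPDU structure in ASHRAE 135 clause 6.2 (version, control, optional DNET/DLEN/DADR, optional SNET/SLEN/SADR, hop count only when DNET is present, then message type or APDU). The sample packets are constructed for this example, and the BACnet/IP BVLC header is assumed to have been stripped already.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

# Network layer message types (ASHRAE 135 clause 6.2.4); 0x80-0xFF are vendor proprietary.
NETWORK_MESSAGE_TYPES = {
    0x00: "Who-Is-Router-To-Network",
    0x01: "I-Am-Router-To-Network",
    0x02: "I-Could-Be-Router-To-Network",
    0x03: "Reject-Message-To-Network",
    0x04: "Router-Busy-To-Network",
    0x05: "Router-Available-To-Network",
    0x06: "Initialize-Routing-Table",
    0x07: "Initialize-Routing-Table-Ack",
    0x08: "Establish-Connection-To-Network",
    0x09: "Disconnect-Connection-To-Network",
    0x12: "What-Is-Network-Number",
    0x13: "Network-Number-Is",
}
# Message types whose parameters are a plain list of 2-byte DNETs (Who-Is-Router: zero or one entry).
DNET_LIST_TYPES = (0x00, 0x01, 0x04, 0x05)


@dataclass
class Npdu:
    is_network_message: bool          # control bit 7: NSDU is a network layer message, not an APDU
    expecting_reply: bool             # control bit 2
    priority: int                     # control bits 1-0
    dnet: Optional[int] = None
    dadr: bytes = b""                 # empty with DLEN 0 means broadcast on DNET
    snet: Optional[int] = None
    sadr: bytes = b""
    hop_count: Optional[int] = None   # present only when DNET is present
    message_type: Optional[int] = None
    message_name: Optional[str] = None
    vendor_id: Optional[int] = None   # only for proprietary message types (>= 0x80)
    payload: bytes = b""              # network message parameters, or the whole APDU


def _need(data: bytes, pos: int, n: int) -> None:
    """Fail loudly on a truncated NPDU instead of silently mis-parsing it."""
    if pos + n > len(data):
        raise ValueError(f"truncated NPDU: need {n} byte(s) at offset {pos}")


def parse_npdu(data: bytes) -> Npdu:
    _need(data, 0, 2)
    version, control = data[0], data[1]
    if version != 0x01:
        raise ValueError(f"unsupported NPDU version {version:#x}")
    npdu = Npdu(bool(control & 0x80), bool(control & 0x04), control & 0x03)
    pos = 2
    if control & 0x20:  # bit 5: DNET, DLEN, DADR
        _need(data, pos, 3)
        npdu.dnet, dlen = struct.unpack_from(">HB", data, pos)
        pos += 3
        _need(data, pos, dlen)
        npdu.dadr, pos = data[pos:pos + dlen], pos + dlen
    if control & 0x08:  # bit 3: SNET, SLEN, SADR
        _need(data, pos, 3)
        npdu.snet, slen = struct.unpack_from(">HB", data, pos)
        pos += 3
        _need(data, pos, slen)
        npdu.sadr, pos = data[pos:pos + slen], pos + slen
    if control & 0x20:  # hop count follows the address fields when DNET is present
        _need(data, pos, 1)
        npdu.hop_count, pos = data[pos], pos + 1
    if npdu.is_network_message:
        _need(data, pos, 1)
        npdu.message_type, pos = data[pos], pos + 1
        if npdu.message_type >= 0x80:  # proprietary: 2-byte vendor ID follows
            _need(data, pos, 2)
            npdu.vendor_id = struct.unpack_from(">H", data, pos)[0]
            pos += 2
        npdu.message_name = NETWORK_MESSAGE_TYPES.get(
            npdu.message_type, f"Proprietary-{npdu.message_type:#04x}")
    npdu.payload = data[pos:]
    return npdu


def network_numbers(npdu: Npdu) -> List[int]:
    """DNET list announced or requested by a routing message."""
    if npdu.message_type not in DNET_LIST_TYPES:
        raise ValueError("message type does not carry a plain DNET list")
    if len(npdu.payload) % 2:
        raise ValueError("odd-length network number list")
    return list(struct.unpack(f">{len(npdu.payload) // 2}H", npdu.payload))


def classify(data: bytes) -> str:
    """One-line log summary: a network layer message is named as such, never as an APDU."""
    npdu = parse_npdu(data)
    if not npdu.is_network_message:
        return "apdu"
    line = f"network_layer:{npdu.message_name}"
    if npdu.message_type in DNET_LIST_TYPES and npdu.payload:
        line += " networks=" + ",".join(str(n) for n in network_numbers(npdu))
    return line


# Constructed samples, not captured traffic.
I_AM_ROUTER = bytes.fromhex("01 80 01 000A 0014")                   # router serves networks 10 and 20
WHO_IS_ROUTER = bytes.fromhex("01 80 00")                            # no DNET: asks about all networks
I_AM_APDU = bytes.fromhex("01 20 FFFF 00 FF 10 00 C4 02 00 00 01")  # global broadcast, APDU I-Am

if __name__ == "__main__":
    for pkt in (I_AM_ROUTER, WHO_IS_ROUTER, I_AM_APDU):
        print(pkt.hex(), "->", classify(pkt))
```

The check that matters for the issue is the first branch on `control & 0x80`: once that bit is set, nothing after the hop count is an APDU, so feeding it to an APDU decoder yields the misleading "I-am" the issue describes.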

Kleinspider commented 1 year ago

I believe this was added to the parser on June 12 via commit 4c7340cf7159cf27076ad94078cc5968010aea0d, unless there is something else we are missing or there is a problem with the current implementation?

Versions 1.3 and 1.4 both contain this code, but only version 1.4 contains a test case (analyzer.services) that contains NPDU (NSPDU) logs.