georgemakrakis / zeek-iec104

A Zeek Parser for the IEC 104 protocol built using Spicy.

Send iec104 traffic to another daemon ( parser ) from zeek over the broker #11

Closed biswajitutil closed 6 months ago

biswajitutil commented 8 months ago

Hi George, Thanks, I will check the above issue resolution. As you have done lots of hands-on work with the Spicy parser, can you suggest a way to access protocol payload or PDUs on a per-packet basis? The requirement is to send the whole payload of a protocol, e.g. iec104, to a third-party daemon/parser from Zeek. Currently we are using TCP payload over 2404 as iec104; my requirement is to send/dump this per-packet payload. There is an option in payload &eod (tried &chunked &eod as well), but it waits for the whole stream, not per packet. If you know a solution to access per-packet payload for a protocol, please let me know. Thanks Biswa

georgemakrakis commented 8 months ago

@biswajitutil I am not sure I understand the question. Do you want the raw bytes of the payload to be sent to the third party tool? Or the logs produced by Zeek?

First, can you define payload? For example the payload of TCP in the case of IEC 104 will be the whole IEC 104 layer. But for the IEC 104 the payload might be considered the ASDU.

If it is the former, the solution will be to send the captured packets to your third-party app (e.g. via port mirroring) and harvest the information that you need, in your own way. If it is the latter then you can keep checking for the log files produced by this parser from your third-party app, and as they are updated read their contents.
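To make the "TCP payload versus ASDU" distinction above concrete, here is an added example (not code from the zeek-iec104 project or from either commenter) that walks a reassembled IEC 104 byte stream and splits it into APDUs using only the framing the standard defines: start byte 0x68, a one-byte APDU length, four APCI control octets, then the ASDU. Because each APDU carries its own length, the split does not depend on TCP packet boundaries, which is also why a stream-oriented parser can hand back per-APDU payloads without waiting for end-of-data. The sample bytes are constructed for illustration; the frame-type decoding follows the low bits of the first control octet.

```python
"""Split an IEC 104 TCP byte stream into APDUs and peel off each ASDU.

Added example, not part of the zeek-iec104 project. The input stream below
is constructed; framing follows IEC 60870-5-104 (0x68, length, 4 APCI
control octets, ASDU).
"""
from dataclasses import dataclass
from typing import List, Tuple

START_BYTE = 0x68
APCI_CONTROL_LEN = 4


@dataclass
class Apdu:
    frame_type: str   # "I", "S" or "U", decoded from control octet 1
    control: bytes    # the four APCI control octets
    asdu: bytes       # IEC 104 payload; empty for S and U frames


def frame_type(control: bytes) -> str:
    """Bit 0 clear -> I-frame; bits 1..0 == 01 -> S-frame; == 11 -> U-frame."""
    c1 = control[0]
    if c1 & 0x01 == 0:
        return "I"
    if c1 & 0x03 == 0x01:
        return "S"
    return "U"


def split_apdus(stream: bytes) -> Tuple[List[Apdu], bytes]:
    """Return (complete APDUs, leftover bytes of an incomplete trailing APDU).

    Raises ValueError on a framing error so a caller can resynchronise or drop
    the connection rather than silently misparse.
    """
    apdus: List[Apdu] = []
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != START_BYTE:
            raise ValueError(f"expected 0x68 at offset {i}, got {stream[i]:#04x}")
        if i + 2 > n:
            break                                  # length byte not yet received
        length = stream[i + 1]
        if length < APCI_CONTROL_LEN:
            raise ValueError(f"APDU length {length} shorter than APCI at offset {i}")
        end = i + 2 + length
        if end > n:
            break                                  # partial APDU: wait for more bytes
        control = stream[i + 2:i + 2 + APCI_CONTROL_LEN]
        asdu = stream[i + 2 + APCI_CONTROL_LEN:end]
        apdus.append(Apdu(frame_type(control), control, asdu))
        i = end
    return apdus, stream[i:]


def asdu_type_id(asdu: bytes) -> int:
    """First ASDU octet is the type identification (e.g. 100 = C_IC_NA_1)."""
    return asdu[0]


# Constructed sample: U-frame STARTDT act, I-frame carrying a general
# interrogation command ASDU (10 bytes), S-frame, then a truncated APDU.
SAMPLE_STREAM = (
    bytes.fromhex("68 04 07 00 00 00")
    + bytes.fromhex("68 0e 00 00 00 00" "64 01 06 00 01 00 00 00 00 14")
    + bytes.fromhex("68 04 01 00 02 00")
    + bytes.fromhex("68 04 0b")
)


def demo() -> Tuple[List[Apdu], bytes]:
    apdus, leftover = split_apdus(SAMPLE_STREAM)
    for a in apdus:
        print(a.frame_type, a.control.hex(), a.asdu.hex() or "(no ASDU)")
    print("leftover:", leftover.hex())
    return apdus, leftover


if __name__ == "__main__":
    demo()
```

The leftover bytes returned by `split_apdus` are what a per-packet approach would lose: an APDU may straddle two TCP segments, so whatever receives the ASDUs should consume the stream and carry the remainder into the next call.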

georgemakrakis commented 6 months ago

I am closing this for now due to inactivity.