by Evan Typanski | Jun 3, 2025 | performance, Protocol Parsing, Spicy, Zeek
Within Zeek, there are two separate parser generators: Binpac (the old one) and Spicy (the new one). Both allow users to write protocol parsers by declaring what the protocol looks like rather than writing C++ code to parse it. Binpac parsers are difficult to write....
by Evan Typanski | Jan 28, 2025 | Protocol Parsing, Spicy, Zeek
In our last post, we left off with a functional but incomplete analyzer for Redis. It analyzed RESP (Redis Serialization Protocol) traffic, crudely created “command” objects, then sent them to Zeek script as events in order to log them. It created something nice,...
by Evan Typanski | Jan 22, 2025 | Protocol Parsing, Spicy, Zeek
You can find the source code referenced throughout this post here — though, it is quite different from what is written here. Redis is an in-memory, key-value database. Its primary use is for caching. It does this over the network, but it’s only really meant to be used...