by Evan Typanski | Jun 3, 2025 | performance, Protocol Parsing, Spicy, Zeek
Within Zeek, there are two separate parser generators: Binpac (the old one) and Spicy (the new one). Both allow users to write protocol parsers by declaring what the protocol looks like rather than writing C++ code to parse it. Binpac parsers are difficult to write....
by Evan Typanski | Jan 28, 2025 | Protocol Parsing, Spicy, Zeek
In our last post, we left off with a functional but incomplete analyzer for Redis. It analyzed RESP (Redis Serialization Protocol) traffic, crudely created “command” objects, then passed them to Zeek script as events so they could be logged. It created something nice,...
by Evan Typanski | Jan 22, 2025 | Protocol Parsing, Spicy, Zeek
You can find the source code referenced throughout this post here — though, it is quite different from what is written here. Redis is an in-memory, key-value database. Its primary use is for caching. It does this over the network, but it’s only really meant to be used...
by Robin Sommer | May 18, 2020 | Protocol Parsing, Spicy, Zeek
We are very happy to announce a new Zeek project now available on GitHub. The Spicy parser generator makes it substantially easier for Zeek to support and parse new protocols and file formats. I will tell you a bit more about Spicy’s capabilities and history in the...