[Oisf-devel] Question regarding Modbus payload

Victor Julien victor at inliniac.net
Fri Aug 21 15:28:44 UTC 2015


On 08/21/2015 03:05 PM, LUKAT Alexandre Ext wrote:
> [NOT WORKING]
> alert modbus any any -> any 502 (msg:"Modbus traffic detected!"; flow:stateless; 'dsize:>0; sid:123596;)  => 'modbus' instead of 'tcp'
> 
> In fine, I would like to use 'modbus.function: 0x5A;' type of statements.

The modbus parser is part of 2.1beta4. Have you tried running that version?

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



