When running as part of your Zeek installation this plugin will produce two log files containing metadata extracted from any ISO COTP and Siemens S7 traffic observed on TCP port 102. S7 uses COTP as transport.
zeek-plugin-s7comm is distributed as a Zeek package and is compatible with the zkg command line tool.
This code is made available under the BSD-3-Clause license. Guidelines for contributing are available as well as a pull request template. A Dockerfile has been included in the repository to assist with setting up an environment for testing any changes to the plugin.
- Earlier work on S7 parsing by the Laboratory of Cryptography and System Security