HART-IP

Overview

HART-IP is a Zeek plugin (written in Spicy) for parsing and logging fields used by the HART-IP protocol.

HART-IP is the IP extension of the Highway Addressable Remote Transducer (HART) protocol. The HART protocol is a hybrid analog+digital industrial automation open protocol. It is currently maintained by the FieldComm Group (https://www.fieldcommgroup.org/).

This parser is a minimal release. While many commands are parsed, not all of them are currently implemented. Additional commands may be added based on community feedback.

Installation (via zkg)

Package Manager

This script is available as a package for Zeek Package Manager. Zeek includes Spicy support by default as of v6.0.0.

zkg refresh
zkg install icsnpp-hart-ip

If this package is installed from ZKG it will be added to the available plugins. This can be tested by running zeek -NN | grep ANALYZER_SPICY_HART_IP. If installed correctly you will see:

[Analyzer] spicy_HART_IP_TCP (ANALYZER_SPICY_HART_IP_TCP, enabled)
[Analyzer] spicy_HART_IP_UDP (ANALYZER_SPICY_HART_IP_UDP, enabled)

If you have ZKG configured to load packages (see @load packages in the ZKG Quickstart Guide), this plugin and scripts will automatically be loaded and ready to go.

Installation (via git clone)

git clone https://github.com/cisagov/icsnpp-hart-ip.git
cd icsnpp-hart-ip
mkdir build && cd build && cmake .. && make

From here you can install the locally built files through zkg install ./icsnpp-hart-ip and run it like you would normally. Or you can manually run the parser without installing it: zeek ./build/hart_ip.hlto ./scripts/__load__.zeek -Cr <pcap>

ICSNPP Packages

All ICSNPP Packages:

ICSNPP

icsnpp-hart-ip

HART-IP

Overview

Installation (via zkg)

Package Manager

Installation (via git clone)

ICSNPP Packages

License

Package Version :

Description :

Script Dir :

Build Command :

Test Command :

Depends :

Package Checks : ☑