zeek-spicy-openvpn

This is a Spicy-based Zeek protocol analyzer that detects OpenVPN traffic. You must install Spicy to use this package.

Blogs and webinars detailing the development of this protocol analyzer:

Example Log:

#separator \x09
#set_separator	,
#empty_field	(empty)
#unset_field	-
#path	conn
#open	2021-11-24-17-01-53
#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
1613755368.960989	CHhAvVGS1DHFjwGM9	192.168.88.3	50568	46.246.122.61	1198	udp	spicy_openvpn_udp	44.271572	5825	8524	SF	-	-	0	Dd	57	7421	48	9868	-
#close	2021-11-24-17-01-53
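As an added example (not code from the zeek-spicy-openvpn package), the following Python script parses a Zeek ASCII conn.log like the one above, honouring the #separator, #fields, #types, #unset_field and #set_separator header directives, and lists the connections the analyzer tagged as OpenVPN. It assumes only what the sample line shows: the service tag written by this analyzer begins with spicy_openvpn (spicy_openvpn_udp above). The embedded log reproduces the page's line and adds one constructed DNS line for contrast.

```python
# Added example: consume the conn.log produced with this analyzer loaded and
# pull out the OpenVPN connections. Not part of the zeek-spicy-openvpn package.
import codecs

# Constructed sample log (first data line copied from the README, second line
# constructed, using a TEST-NET address). Header directives are tab-separated
# once #separator has declared the tab as separator.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#open\t2021-11-24-17-01-53",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice"
    "\tduration\torig_bytes\tresp_bytes\tconn_state\tlocal_orig\tlocal_resp"
    "\tmissed_bytes\thistory\torig_pkts\torig_ip_bytes\tresp_pkts\tresp_ip_bytes"
    "\ttunnel_parents",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount"
    "\tcount\tstring\tbool\tbool\tcount\tstring\tcount\tcount\tcount\tcount"
    "\tset[string]",
    "1613755368.960989\tCHhAvVGS1DHFjwGM9\t192.168.88.3\t50568\t46.246.122.61"
    "\t1198\tudp\tspicy_openvpn_udp\t44.271572\t5825\t8524\tSF\t-\t-\t0\tDd\t57"
    "\t7421\t48\t9868\t-",
    "1613755370.000000\tCq1Zl3abcdefghijk\t192.168.88.3\t50001\t192.0.2.53\t53"
    "\tudp\tdns\t0.010000\t60\t120\tSF\t-\t-\t0\tDd\t1\t88\t1\t148\t-",
    "#close\t2021-11-24-17-01-53",
])


def convert(typ, val, unset, empty, set_sep):
    """Convert one column according to its #types entry."""
    if val == unset:
        return None
    if typ in ("count", "port", "int"):
        return int(val)
    if typ in ("time", "interval", "double"):
        return float(val)
    if typ == "bool":
        return val == "T"
    if typ.startswith("set[") or typ.startswith("vector["):
        return [] if val == empty else val.split(set_sep)
    return val


def parse_zeek_log(text):
    """Parse Zeek ASCII log text into a list of dicts keyed by #fields names."""
    separator, unset, empty, set_sep = "\t", "-", "(empty)", ","
    fields, types, records = [], [], []
    for raw in text.splitlines():
        if not raw:
            continue
        if raw.startswith("#"):
            # #separator is always "#separator <escaped value>" with a space,
            # because the real separator is not known yet at that point.
            if raw.startswith("#separator "):
                separator = codecs.decode(raw[len("#separator "):], "unicode_escape")
                continue
            key, _, value = raw[1:].partition(separator)
            if key == "unset_field":
                unset = value
            elif key == "empty_field":
                empty = value
            elif key == "set_separator":
                set_sep = value
            elif key == "fields":
                fields = value.split(separator)
            elif key == "types":
                types = value.split(separator)
            continue  # #path, #open, #close carry no record data
        values = raw.split(separator)
        if len(values) != len(fields):
            raise ValueError(f"field count mismatch in line: {raw!r}")
        records.append({n: convert(t, v, unset, empty, set_sep)
                        for n, t, v in zip(fields, types, values)})
    return records


def openvpn_connections(records, tag_prefix="spicy_openvpn"):
    """Return summaries of connections whose service field carries the analyzer's tag.

    conn.log joins several matching services with commas, so each element is
    checked rather than the whole string. The prefix is taken from the sample
    line (spicy_openvpn_udp); anything else would be an assumption.
    """
    hits = []
    for r in records:
        service = r.get("service") or ""
        if any(s.startswith(tag_prefix) for s in service.split(",")):
            hits.append({
                "uid": r["uid"],
                "orig": f'{r["id.orig_h"]}:{r["id.orig_p"]}',
                "resp": f'{r["id.resp_h"]}:{r["id.resp_p"]}',
                "proto": r["proto"],
                "service": service,
                "duration": r["duration"],
                "bytes": (r["orig_bytes"] or 0) + (r["resp_bytes"] or 0),
            })
    return hits


if __name__ == "__main__":
    for hit in openvpn_connections(parse_zeek_log(SAMPLE_CONN_LOG)):
        print(f'{hit["uid"]} {hit["orig"]} -> {hit["resp"]} {hit["proto"]} '
              f'{hit["service"]} {hit["duration"]:.1f}s {hit["bytes"]} bytes')
```

Run against a real conn.log by replacing SAMPLE_CONN_LOG with the file contents; the same parser works for any Zeek ASCII log because the column names and types come from the headers rather than being hard-coded.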

Sample PCAPs:

Package Version: