HART-IP is a Zeek plugin (written in Spicy) for parsing and logging fields used by the HART-IP protocol.
HART-IP is the IP extension of the Highway Addressable Remote Transducer (HART) protocol. The HART protocol is a hybrid analog+digital industrial automation open protocol. It is currently maintained by the FieldComm Group (https://www.fieldcommgroup.org/).
This parser is a minimal release. While many commands are parsed, not all of them are currently implemented. Additional commands may be added based on community feedback.
This script is available as a package for Zeek Package Manger
zkg refresh
zkg install icsnpp-hart-ipIf ZKG is configured to load packages (see @load packages in quickstart guide), this script will automatically be loaded and ready to go. ZKG Quickstart Guide
If users are not using site/local.zeek or another site installation of Zeek and want to run this script on a packet capture, they can add icsnpp-hart-ip to the command to run this script on the packet capture from a cloned version of this repository:
zeek -Cr <path_to_pcap> icsnpp-hart-ipTo install from a local version of the repository, navigate to a clean locally cloned version of the repository and run the following commands:
zkg install .
zeek -Cr <path_to_pcap> localAll ICSNPP Packages:
Copyright 2024 Battelle Energy Alliance, LLC. Released under the terms of the 3-Clause BSD License (see LICENSE.txt).