NSDU Network Layer Message Logging
jcyprus opened this issue · 1 comments
Feature Request
Give the parser the ability to explicitly log network layer messages from the NSDU.
Feature Context
The BACnet protocol Network Service Data Unit (NSDU) has two main message types. The first is the
Application Protocol Data Unit (APDU) which is currently being explicitly logged by the parser. The
second is a network layer message that primarily controls the routing behavior of BACnet devices.
These packets are not currently being explicitly logged, which leads either to events being dropped
or logged as their closest equivalent APDU counterpart (for example, the network layer message
I-Am-Router-To-Network is currently being logged as an APDU I-Am event).
Feature Value Add
This feature would be useful for parser users because it would enable them to more accurately
interpret their router network data and the relationship between their devices and network flows.
Because these events are primarily concerned with device routing behavior, users could leverage
these Zeek packets to determine which devices can communicate and the relationship between these
devices and the router. Overall, this change could make network topologies easier to map.
Links
http://bacnetwiki.com/wiki/index.php?title=Network_Layer_Message_Type
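The distinction this request describes, as an added example that is not part of the original issue or the parser's own code: bit 7 of the NPDU control octet marks the NSDU as a network layer message rather than an APDU. The function name `classify_npdu`, the record layout and both sample frames are constructed for illustration; the input is assumed to be an NPDU with the BVLC header already removed.

```python
import struct

# Network layer message types from the BACnet standard (subset, 0x00-0x09).
NETWORK_MESSAGES = {
    0x00: "Who-Is-Router-To-Network",
    0x01: "I-Am-Router-To-Network",
    0x02: "I-Could-Be-Router-To-Network",
    0x03: "Reject-Message-To-Network",
    0x04: "Router-Busy-To-Network",
    0x05: "Router-Available-To-Network",
    0x06: "Initialize-Routing-Table",
    0x07: "Initialize-Routing-Table-Ack",
    0x08: "Establish-Connection-To-Network",
    0x09: "Disconnect-Connection-To-Network",
}
# Constructed sample frames (not captured traffic): a broadcast router announcement
# for network 5, and a broadcast APDU I-Am.
SAMPLE_ROUTER = bytes.fromhex("01a0ffff00ff010005")
SAMPLE_I_AM = bytes.fromhex("0120ffff00ff1000c4020000012201e091002108")

def classify_npdu(npdu: bytes) -> dict:
    """Tell a network layer message apart from an APDU and return a log record."""
    if len(npdu) < 2 or npdu[0] != 0x01:
        raise ValueError("not a BACnet NPDU (version octet must be 0x01)")
    control, pos = npdu[1], 2
    has_dest = bool(control & 0x20)
    for present in (has_dest, bool(control & 0x08)):  # DNET/DLEN/DADR, then SNET/SLEN/SADR
        if present:
            if len(npdu) < pos + 3:
                raise ValueError("truncated address specifier")
            pos += 3 + npdu[pos + 2]                  # network (2) + length (1) + address
    if has_dest:
        pos += 1                                      # hop count follows the addresses
    if pos >= len(npdu):
        raise ValueError("truncated NPDU")
    if not control & 0x80:                            # bit 7 clear: the NSDU is an APDU
        return {"kind": "apdu", "apdu_type": npdu[pos] >> 4}
    msg_type = npdu[pos]
    record = {"kind": "network", "message_type": msg_type,
              "name": NETWORK_MESSAGES.get(msg_type, "other")}
    if msg_type == 0x01:                              # payload: list of 2-byte network numbers
        body = npdu[pos + 1:]
        record["networks"] = [n for (n,) in struct.iter_unpack(">H", body[: len(body) // 2 * 2])]
    return record
```

Logged this way, the router announcement keeps its own record type and the list of reachable networks instead of appearing as an APDU I-Am.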
I believe this has been added to the parser on June 12 via commit: 4c7340c unless there is something else we are missing or if there is a problem with the current implementation?
Versions 1.3 and 1.4 both contain this code, but only version 1.4 contains a test case (analyzer.services) that contains NPDU (NSPDU) logs.