Spicy — Generating Robust Parsers for Protocols & File Formats
2024-10-23 , Europe - Main Room

This talk gives a practical overview and introduction of the Spicy parser generator for protocols and file formats.


Spicy is a parser generator that makes it easy to create robust parsers for network protocols, file formats and more. Spicy is a bit like a "yacc for protocols", but it is much more than that: It is an all-in-one system enabling developers to write attributed grammars that describe both syntax and semantics of an input format using a single, unified language. Think of Spicy as a domain-specific scripting language for all your parsing needs.

In the last couple of years we have evolved and used Spicy as a tool in the Zeek network monitoring ecosystem to make it easier for researchers and domain experts to surface information transmitted live over the network. Spicy includes dedicated support to work with lossy captures or malformed traffic. By providing an API Spicy can be embedded into other projects (like Zeek embeds Spicy).

This talk gives a practical overview and introduction of Spicy.

See also: Slides (1.8 MB)

Benjamin works as a Senior Open Source Developer at Corelight where he spends most of his time maintaining and evolving Spicy and its integration into the Zeek ecosystem. He previously worked on containerization and workload orchestration with Apache Mesos, and distributed columnar data stores. He holds a PhD in Physics from Stony Brook University.