[Bro] Documentation about List/Queue/HashMap data structures in Bro
abhinay at cs.utexas.edu
Thu May 18 11:57:56 PDT 2006
I am writing an anomaly detector using Bro. I have two questions.
1) I am trying to correlate traffic in the two directions of a
connection. I am currently using the "DataSent" method of "TCP_Endpoint"
class to do some processing when data is sent by an endpoint of a
connection. I need to do so for both the endpoints of a connection
in order to correlate traffic in the two directions. Is there any other
method that I can use, which gets invoked whenever data flows in either
direction of a connection with some indication of whether the data was
sent by originator or responder?
2) I need to maintain the different endpoints in some sort of
ArrayList/HashMap. I observed that there are already some list/queue
implementations in Bro. Where can I find documentation about using these
data structures regarding available methods / method parameters, etc.?
Any help would be greatly appreciated.
Thanks and Regards,