[Bro] Packet Level Analysis

Gehana Booth GehanaBooth at cmail.carleton.ca
Wed Aug 6 06:12:48 PDT 2014


This is probably a very silly question, but I just wanted to get some
opinions. Is it possible/feasible to do packet level analysis with bro
(e.g., looking at the entire packet as a string to find similar patterns
between packets)? Or is bro too high-level to make this an option, as it
seems that the relevant events (new_packet, packet_contents, etc.) are
exceedingly slow.

If this is possible, however, would I be able to do this in bro scripts or
would I need to do something like write the module in C/C++ to hook into

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140806/2f89a6bc/attachment.html 

More information about the Bro mailing list