[Bro] General questions about Bro's capabilities

Hui Lin (Hugo) hlin33 at illinois.edu
Sun Dec 28 19:01:21 PST 2014


Hi Savakh,

The analyzers for specific protocols are included in src\analyzer\protocol
of the source code repository. You may also take a look at Binpac
(https://www.bro.org/sphinx/components/binpac/README.html). Most current
application layer protocols based on TCP or UDP are added in Bro by using
Binpac. With the help of Binpac, it is also easy to add a new protocol
analyzer to Bro.

Hope this helps.

Hugo

On Sun, Dec 28, 2014 at 5:43 PM, anthony kasza <anthony.kasza at gmail.com>
wrote:

>  Bro has an understanding of many of the more popular layer 7 protocols
> and is able to generate logs based on what it sees.
> One rather simple way to create a baseline for a network could be to
> monitor the network for a period of time and observe the logs Bro generates.
>
> -AK
> On Dec 28, 2014 9:01 AM, "Savakh S" <sovakah at gmail.com> wrote:
>
>>   Hello,
>>
>> How can Bro be used to set a network profile and work as a behavior IDS?
>> Does Bro need to understand L7 protocols? Is it compulsory? If not,
>> what would be its capabilities?
>>
>> Thanks for your answers.
>>
>>  Regards.
>>
>


-- 
Hui Lin
PhD Candidate, Research Assistant
Electrical and Computer Engineering Department
University of Illinois at Urbana-Champaign
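As an added example (not code from this thread or from the Bro project), here is one way to act on AK's suggestion of building a baseline from the logs Bro generates: parse conn.log rows, record which (proto, port, service) each responder host was seen serving during a baseline window, and report later connections that fall outside that set. The log lines, hosts and uids below are constructed; a real conn.log carries many more columns, but the #fields header drives the parsing so extra columns are harmless.

```python
# Added example: per-responder service baseline from Bro conn.log rows.
# Both logs below are constructed for illustration (tab-separated, as Bro writes them).
from collections import defaultdict

BASELINE_LOG = """#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring
1419800000.1\tC1\t10.0.0.5\t51000\t10.0.0.10\t80\ttcp\thttp
1419800001.2\tC2\t10.0.0.6\t51001\t10.0.0.10\t80\ttcp\thttp
1419800002.3\tC3\t10.0.0.5\t51002\t10.0.0.53\t53\tudp\tdns
"""

NEW_LOG = """#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice
1419900000.1\tC4\t10.0.0.7\t51003\t10.0.0.10\t80\ttcp\thttp
1419900001.2\tC5\t10.0.0.5\t51004\t10.0.0.10\t22\ttcp\tssh
1419900002.3\tC6\t10.0.0.5\t51005\t10.0.0.53\t53\tudp\tdns
"""

def parse_bro_log(text):
    """Yield one dict per data row, keyed by the column names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]          # column names follow the "#fields" token
        elif line.startswith("#") or not line.strip():
            continue                               # other header lines and blanks
        elif fields:
            yield dict(zip(fields, line.split("\t")))

def build_baseline(text):
    """Map each responder host to the set of (proto, resp_port, service) it was seen serving."""
    baseline = defaultdict(set)
    for row in parse_bro_log(text):
        baseline[row["id.resp_h"]].add((row["proto"], row["id.resp_p"], row["service"]))
    return baseline

def find_deviations(baseline, text):
    """Return rows whose responder service was never observed during the baseline window."""
    return [row for row in parse_bro_log(text)
            if (row["proto"], row["id.resp_p"], row["service"])
            not in baseline.get(row["id.resp_h"], set())]

if __name__ == "__main__":
    base = build_baseline(BASELINE_LOG)
    for row in find_deviations(base, NEW_LOG):
        print("new service:", row["id.resp_h"], row["proto"], row["id.resp_p"], row["service"])
```

A baseline keyed on the responder side catches a host that starts offering a service it never did before; keying on the originator instead would surface clients reaching services they never used.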