[Bro] Writing a new analyzer
vladg at cmu.edu
Tue Mar 25 11:57:49 PDT 2014
Please see: http://www.bro.org/development/howtos/binpac-sample-analyzer.html and the presentation I gave on this at the last Bro Exchange: https://www.youtube.com/watch?v=l44MqU0l6M8&feature=youtu.be

My binpac-quickstart script is at: https://github.com/grigorescu/binpac_quickstart
If you have any specific questions, throw them out to this list and we'll see if we can help.
On Mar 25, 2014, at 1:56 PM, Kyle Creyts <kyle.creyts at gmail.com> wrote:
> A tutorial/workshop on the subject would be very interesting to me.
> On Tue, Mar 25, 2014 at 10:37 AM, Thomas, Eric D <edthoma at sandia.gov> wrote:
>> Hello, I'd like to write a protocol analyzer, but I don't know where to
>> begin. Is BinPAC the recommended method? The documentation for BinPAC
>> describes mostly types, so it's not enough to get me started. I looked at
>> some of the protocols that have .pac files and it's way over my head at this
>> stage. I found the BinPAC Sample Analyzer, which it appears might be applicable
>> mostly to Bro 1.X. Any other resources that could help?
>> Eric Thomas
>> edthoma at sandia.gov
> Kyle Creyts
> Information Assurance Professional
> Founder BSidesDetroit