[Bro] Writing a new analyzer

Vlad Grigorescu vladg at cmu.edu
Tue Mar 25 11:57:49 PDT 2014


Please see: http://www.bro.org/development/howtos/binpac-sample-analyzer.html

and the presentation I gave on this at the last Bro Exchange: https://www.youtube.com/watch?v=l44MqU0l6M8&feature=youtu.be

My binpac-quickstart script is at: https://github.com/grigorescu/binpac_quickstart

If you have any specific questions, throw them out to this list and we'll see if we can help.


On Mar 25, 2014, at 1:56 PM, Kyle Creyts <kyle.creyts at gmail.com> wrote:

> +1.
> A tutorial/workshop on the subject would be very interesting to me.
> On Tue, Mar 25, 2014 at 10:37 AM, Thomas, Eric D <edthoma at sandia.gov> wrote:
>> Hello, I'd like to write a protocol analyzer, but I don't know where to
>> begin. Is BinPAC the recommended method? The documentation for BinPAC
>> describes mostly types, so it's not enough to get me started. I looked at
>> some of the protocols that have .pac files and it's way over my head at this
>> stage. I found the BinPAC Sample Analyzer, which appears might be applicable
>> mostly to Bro 1.X. Any other resources that could help?
>> --
>> Eric Thomas
>> edthoma at sandia.gov
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> -- 
> Kyle Creyts
> Information Assurance Professional
> Founder BSidesDetroit

