[Bro] DPD with BinPAC++
robin at icir.org
Wed Jun 10 14:53:09 PDT 2015

On Wed, Jun 10, 2015 at 17:27 -0400, Peter Hansen wrote:
> I am currently working with BinPAC++ to write detectors for various
> protocols, and I am attempting to use Dynamic Protocol Detection in them,
> but I cannot find documentation on how to implement it.

There's a function to call at the time you consider the protocol
detected: Bro::dpd_confirm(). See bro/pac2/http.pac2 for an example.

Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin