[Bro] DPD with BinPAC++
pch66 at cornell.edu
Fri Jun 12 08:12:03 PDT 2015
Hello, and thank you for your answer.
I think I have gotten it working except for the fact that my detector only
triggers on the specific type of traffic I am attempting to track, even if
the different types of data are on the same port, but for some reason it
only works when I specify one or more ports, and when I leave the port
blank, it doesn't detect it at all. Is there a way to specify that it
should listen on all ports?

On Wed, Jun 10, 2015 at 5:53 PM, Robin Sommer <robin at icir.org> wrote:
> On Wed, Jun 10, 2015 at 17:27 -0400, Peter Hansen wrote:
> > I am currently working with BinPAC++ to write detectors for various
> > protocols, and I am attempting to use Dynamic Protocol Detection in them,
> > but I cannot find documentation on how to implement it.
> There's a function to call at the time you consider the protocol
> detected: Bro::dpd_confirm(). See bro/pac2/http.pac2 for an example.
> Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin