[Bro] exercising binpac++/spicy parsers

Troy Jordan troyj at maine.edu
Fri Mar 13 04:39:47 PDT 2015


There are some hilti-based parsers in the Bro docker image. When I run
the pcaps for BACnet (/opt/hilti/bro/tests/Traces/bacnet/*.pcap) through
Bro (e.g. bro -r NPDU.pcap), no event logs are produced in

How do I integrate these parsers into Bro?

- Troy


                     	  Troy Jordan
                   t r o y j @ m a i n e . e d u
                Network Systems Security Analyst
             Information Technology Security Office
                    University of Maine System
233 Science Building           |     voice: 207.561.3590
Portland, ME 04103             |     fax:   509.351.3650

"As you all know, Security Is Mortals chiefest Enemy"
 William Shakespeare, Macbeth
