[Bro] Requesting some pointers- Adding a new protocol to BRO- Facing problems

Vlad Grigorescu vladg at illinois.edu
Mon Mar 21 08:31:13 PDT 2016


Our relevant documentation is available at:


My guess is that there's an issue with how the analyzer is registered in
the Bro scripts and it's not being attached to the correct traffic. The
DPD write-up should go into detail about that.


Aniket Savanand <aniketpsavanand at gmail.com> writes:

> Hi
> I am trying to write a new protocol, AMQP, for BRO.
> So I wrote analyzer files for AMQP by referring to the existing protocol
> files written in src/analyzer/protocol.
> I built and installed it correctly, and even tried to detect AMQP traffic
> using BRO.
> But in this case BRO does not.
> Where could it be wrong? Is this the correct way to add a new protocol/analyzer to
> BRO?
> Could you point me in the right direction?
> Thanks
> Aniket Savanand
> 669-226-8162
> -- 
> *Regards, *
> *Aniket Savanand,*
> *MS Software Engineering 2016,*
> *San Jose State University, CA*
> *Email <aniket.savanand at sjsu.edu> **Cellphone- +1-669-226-8162*
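Added example, not part of the original thread or of the Bro distribution: a Bro 2.x script showing the registration step the reply above points to, with a port-based hook, a DPD signature alternative, and a diagnostic event. The tag `Analyzer::ANALYZER_AMQP`, the signature name `dpd_amqp` and the `enable "amqp"` name are assumptions that depend on the name the plugin gave its analyzer component.

```bro
# Added example (assumptions marked). Assumes the C++ plugin registered its
# component under the name "AMQP", which yields Analyzer::ANALYZER_AMQP.
module AMQP;

# 5672/tcp is the IANA-registered AMQP port; adjust to the brokers monitored.
const ports = { 5672/tcp };
redef likely_server_ports += { ports };

event bro_init() &priority=5
	{
	# Without this call (or a DPD signature) the analyzer is compiled in
	# but never attached to any connection, so no AMQP events are raised.
	if ( ! Analyzer::register_for_ports(Analyzer::ANALYZER_AMQP, ports) )
		Reporter::warning("AMQP: port registration failed");
	}

# Port-independent alternative: a signature file loaded from the script with
#   @load-sigs ./dpd.sig
# An AMQP client opens the connection with the literal bytes "AMQP", so the
# signature (hypothetical name dpd_amqp) can match on that:
#
#   signature dpd_amqp {
#       ip-proto == tcp
#       payload /^AMQP/
#       tcp-state originator
#       enable "amqp"
#   }

# Diagnostic: raised only when an attached analyzer calls
# ProtocolConfirmation() in its C++ code. If this never prints on a trace
# known to contain AMQP, the analyzer is not seeing the traffic at all.
event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count)
	{
	if ( atype == Analyzer::ANALYZER_AMQP )
		print fmt("AMQP analyzer confirmed on %s", c$id);
	}
```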