[Bro] Requesting some pointers- Adding a new protocol to BRO- Facing problems

Aniket Savanand aniketpsavanand at gmail.com
Mon Mar 21 13:47:47 PDT 2016


Thank a lot.

I will start integrating AMQP analyzer with step mentioned on binpac page.

Thanks
Aniket

On Mon, Mar 21, 2016 at 8:31 AM, Vlad Grigorescu <vladg at illinois.edu> wrote:

> Hello,
>
> Our relevant documentation is available at:
>
> https://www.bro.org/development/howtos/dpd.html
> https://www.bro.org/development/howtos/binpac-sample-analyzer.html
>
> My guess is that there's an issue with how the analyzer is registered in
> the Bro scripts and it's not being attached to the correct traffic. The
> DPD write-up should go into detail about that.
>
>   --Vlad
>
> Aniket Savanand <aniketpsavanand at gmail.com> writes:
>
> > [ text/plain ]
> > Hi
> >
> > I am trying to write a new protocol AMQP to the BRO.
> > So I wrote analyzer files for AMQP by referring to the existing protocols
> > files written in src/analyzer/protocol.
> > I build and installed it correctly. and even tried to detect AMQP traffic
> > using BRO.
> > But this case BRO does not.
> >
> > Where would be wrong? is it the correct way to add new protocol/analyzer
> to
> > the BRO?
> >
> > Could you point me to right direction.
> >
> > Thanks
> > Aniket Savanand
> > SJSU, CA
> > 669-226-8162
> >
> > --
> > *Regards, *
> > *Aniket Savanand,*
> > *MS Software Engineering 2016,*
> > *San Jose State University, CA*
> > *Email <aniket.savanand at sjsu.edu> **Cellphone- +1-669-226-8162*
> > [ text/plain ]
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>



-- 
*Regards, *
*Aniket Savanand,*
*MS Software Engineering 2016,*
*San Jose State University, CA*
*Email <aniket.savanand at sjsu.edu> **Cellphone- +1-669-226-8162*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160321/3c04d4bd/attachment.html 


More information about the Bro mailing list