[Bro] How does Bro create an event from a packet?
kingsleyluoxin at hotmail.com
Tue Mar 21 18:28:42 PDT 2017
My puzzles mainly concern state management in Bro. I have noticed that there is C++ code for the implementation of DFA and NFA. Nevertheless, I could not find where it is invoked. So I was wondering if you could tell me where I can find the use of the state machine. In addition, I also want to know how Bro transforms a low-level pcap file into high-level events. I have read some information about this for protocols based on TCP or UDP and am aware that they are implemented by means of the binpac tool. But I still want to know how lower-level protocols such as IP or TCP can transform pcap packets into Bro events.