[Bro] testing binpac generated parser
vladg at illinois.edu
Fri May 26 09:19:13 PDT 2017
Is this still an issue for you? Thanks,
"Bortoli, Tomas" <tomas.bortoli at sit.fraunhofer.de> writes:
> Hi all,
> I am having trouble getting any sign of functioning from a simple parser defined in binpac.
> I followed the tutorial at: https://github.com/grigorescu/binpac_quickstart
> Then I wrote pretty simple header definitions in my *-protocol.pac definition, then I added a print `std::cout << "Name PDU" << endl;` after the statement that generates the basic PDU event for the bro policy script engine in the *-analyzer.pac. I successfully compiled the parser definitions with binpac and then I recompiled bro (observing that the new parser is included in the compilation process).
> But then when I run bro with a pcap file that contains a packet that should be parsed by the binpac generated code, I don't get any output and don't know how to troubleshoot it.
> Any suggestions?
> Thanks in advance,