[Bro] testing binpac generated parser

Bortoli, Tomas tomas.bortoli at sit.fraunhofer.de
Mon May 29 01:58:01 PDT 2017

Hi Vlad,

No I found the solution. To enable a certain plug-in, by default is needed to modify the a configuration file of Bro:
by adding:
@load base/protocols/PROTOCOL_NAME

Regards, Tomas

From: Vlad Grigorescu [vladg at illinois.edu]
Sent: Friday, May 26, 2017 6:19 PM
To: Bortoli, Tomas; bro at bro.org
Subject: Re: [Bro] testing binpac generated parser


Is this still an issue for you? Thanks,


"Bortoli, Tomas" <tomas.bortoli at sit.fraunhofer.de> writes:

> Hi all,
> I am having troubles getting any sign of functioning from a simple parser defined in binpac.
> I followed the tutorial at: https://github.com/grigorescu/binpac_quickstart<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_grigorescu_binpac-5Fquickstart&d=DwMFAw&c=8hUWFZcy2Z-Za5rBPlktOQ&r=ORlu3TM4JXTo9I7l9hGPdc4fmi5SpOR_W8d-CNVr-9s&m=goV2DOs6PUNqcykohajsGfdi2A9S-_85KFDtLw7TLGA&s=Q9fAH5dePDO0PSj5ok7cWg4SpWnv76z9JsNcigjAS3c&e=>
> Then I wrote pretty simple headers definitions on my *-protocol.pac definition, then I added a print `std::cout <<  "Name PDU" << endl;` after the statement that generate the basic PDU event for the bro policy script engine in the *-analyzer.pac. I successfully compiled the parser definitions with binpac and then I recompiled bro (observing that the new parser is included in the compilation process.
> But then when I run bro with a pcap file that contains a packet that should be parsed by the binpac generated code, I don't get any output and don't know how to troubleshoot it..
> Any suggestion ?
> thanks in advance,
> Tomas
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list