[Bro-Dev] Parse LDAP messages from a pcap

Vlad Grigorescu vlad at grigorescu.org
Tue Dec 1 08:15:47 PST 2015


Zakaria,

There's no LDAP analyzer in Bro. LDAP is not a simple protocol, but if
you'd like to try writing an analyzer, you might want to check out the
following resources:

https://www.bro.org/development/howtos/binpac-sample-analyzer.html
https://www.youtube.com/watch?v=1eDIl9y6ZnM

Best,

  --Vlad

On Wed, Nov 25, 2015 at 12:44 PM, Zakaria Hili <zakahili at gmail.com> wrote:

> Hello,
>
>   I need to parse LDAP messages from a pcap. So what I did was try to
> search for some Bro events for LDAP, but I failed. So I was wondering if
> there are some and I missed them. If not, how can I code an LDAP
> dissector easily so I could use it in the events that I have to implement?
>
> Thank you for your help and keep up the good work!