[Bro-Dev] OSPF protocol analyzer

Robin Sommer robin at icir.org
Tue Dec 15 09:23:31 PST 2015


On Mon, Dec 14, 2015 at 17:54 +0100, you wrote:

> I was wondering if it is possible to make an analyzer of OSPF with BinPAC.

Anything that's not on top of TCP/UDP remains problematic to support
in Bro currently, unfortunately. It's less a limitation of BinPAC; the
problem is that Bro's lower layers (before BinPAC even comes into the
picture) still pretty much hardcode the transport-layer protocols.
Changing that has been on the TODO list for a while, but nobody's
tackled it yet.

If one just wanted to hack something in to get data to a
proof-of-concept OSPF analyzer, that probably wouldn't be too hard.
But the real solution would require some internal refactoring first.

Robin

-- 
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin

