[Bro] Documentation about List/Queue/HashMap data structures in Bro

Abhinay Kampasi abhinay at cs.utexas.edu
Thu May 18 11:57:56 PDT 2006


Hi,

I am writing an anomaly detector using Bro. I have two questions.

1) I am trying to correlate traffic in the two directions of a 
connection. I am currently using the "DataSent" method of the "TCP_Endpoint" 
class to do some processing when data is sent by an endpoint of a 
connection. I need to do so for both endpoints of a connection 
in order to correlate traffic in the two directions. Is there any other 
method that I can use which gets invoked whenever data flows in either 
direction of a connection, with some indication of whether the data was 
sent by the originator or the responder?

2) I need to maintain the different endpoints in some sort of 
ArrayList/HashMap. I observed that there are already some list/queue 
implementations in Bro. Where can I find documentation about using these 
data structures (available methods, method parameters, etc.)?

Any help would be greatly appreciated.

Thanks and Regards,
Abhinay
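Added illustration (not part of the original message, and not one of Bro's own distributed policy scripts): one way to get the per-direction callback asked about in question 1 at the policy-script level rather than inside the C++ `TCP_Endpoint` class, while keeping per-connection state in a script-level table as a stand-in for the HashMap asked about in question 2. It assumes the `tcp_contents` event with the signature `(c: connection, is_orig: bool, seq: count, contents: string)`, the redefinable booleans `tcp_content_deliver_all_orig` / `tcp_content_deliver_all_resp`, `byte_len()` and `connection_state_remove`; whether all of these exist in the exact form shown in the Bro version being used is an assumption, not something the post confirms. The 10x asymmetry threshold is an arbitrary constructed example of a correlation, not a recommended detector.

```bro
# Added example, not from the original post. Assumes the Bro policy-script
# event tcp_contents(c: connection, is_orig: bool, seq: count, contents: string)
# and the redefinable booleans below, which request payload delivery for every
# TCP connection instead of only for configured ports. Version-dependent.
redef tcp_content_deliver_all_orig = T;
redef tcp_content_deliver_all_resp = T;

# Per-direction byte counters, keyed by the connection 4-tuple. This table is
# the script-level equivalent of the ArrayList/HashMap in question 2.
type dir_stats: record {
    orig_bytes: count;
    resp_bytes: count;
};

global conn_stats: table[conn_id] of dir_stats;

# Invoked for data in either direction; is_orig tells us which endpoint sent it.
event tcp_contents(c: connection, is_orig: bool, seq: count, contents: string)
    {
    local id = c$id;
    if ( id !in conn_stats )
        conn_stats[id] = [$orig_bytes = 0, $resp_bytes = 0];

    if ( is_orig )
        conn_stats[id]$orig_bytes += byte_len(contents);
    else
        conn_stats[id]$resp_bytes += byte_len(contents);
    }

# When Bro discards the connection, correlate the two directions and free state.
event connection_state_remove(c: connection)
    {
    local id = c$id;
    if ( id !in conn_stats )
        return;

    local s = conn_stats[id];
    # Constructed example correlation: responder sent more than 10x the
    # originator's bytes. The threshold is illustrative only.
    if ( s$orig_bytes > 0 && s$resp_bytes > 10 * s$orig_bytes )
        print fmt("%s:%s -> %s:%s: orig %d bytes, resp %d bytes (asymmetric)",
                  id$orig_h, id$orig_p, id$resp_h, id$resp_p,
                  s$orig_bytes, s$resp_bytes);

    delete conn_stats[id];
    }
```

Deleting the entry in `connection_state_remove` matters: without it the table grows without bound on a busy link, which is the same lifetime question that arises when holding endpoint objects in a C++ list or dictionary inside the analyzer.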



More information about the Bro mailing list