[Bro] Activating a scanner within a scanner?
Robin Sommer
robin at icir.org
Tue May 15 18:37:27 PDT 2007
On Fri, May 11, 2007 at 16:10 +0200, you wrote:
> SIP may contain SDP, whereas SDP is mainly used in SIP. SDP could be
> used for the description of other sessions,
[...]
> The only information about SDP in SIP is the Content-Length field,
Ok, so then I would go for a seperate analyzer.
> SIP is UDP-based. Would this work for DeliverPacket, as well?
Yes. The "packet" is actually just a chunk of data, with the actual
interpretation being left to the analyzer.
> I tried looking at the HTTP analyzer, because this protocol uses a
> newline to show when the header is finished, but to no avail.
If I understand you correctly, you should be able to do this in the
same way as the HTTP analyer does it. I thinkt this is the relevant
type from http-protocol.pac:
type HTTP_Headers = HTTP_Header[] &until($input.length() == 0);
Does something similar work for you?
Robin
--
Robin Sommer * Phone +1 (510) 931-5555 * robin at icir.org
LBNL/ICSI * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro
mailing list