[Bro] Support SNMP and MODBUS/TCP Protocols?
Robin Sommer
robin at icir.org
Mon Aug 13 16:21:16 PDT 2012
On Mon, Aug 13, 2012 at 20:56 +0000, you wrote:

> We like to use Bro to monitor and analyze SNMP and MODBUS/TCP traffic
> in industrial control networks. Does the latest version of Bro
> support SNMP, MODBUS/TCP and any other industrial control protocols?

No, not yet. We've a prototype of Modbus support (and DNP3), which
will likely make it into Bro 2.2. Nobody is working on SNMP yet though
as far as I know.

> If not currently supported, what are the typical steps to make Bro
> support a new protocol?

The best way is to use our binpac parser generator, see here for a
skeleton:

    http://www.bro-ids.org/development/binpac-sample-analyzer.html

Also take a look at the existing analyzers in src/*.pac.

Robin

--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org