[Bro] what application layer protocols could Bro-2.1 identify using its default configuration?

Hui Lin (Hugo) hlin33 at illinois.edu
Wed Sep 19 07:05:42 PDT 2012


The answer to your question can be very complex.

First, Bro's application layer analyzers can be written in binpac or
directly in C++ (in src, the *.pac files are the binpac scripts, so you can
tell which analyzers are written in binpac). Most analyzers developed in the
early stage are written directly in C++; for that code, I am not quite sure
how they are enabled. For binpac analyzers, there are three ways of
enabling an analyzer, which can be found in
http://www.bro-ids.org/development/dpd.html (Determining Analyzer
Activation).

Even if the binpac analyzer is always enabled, it may not be working if you
don't define any event handler related to this analyzer. As a result, you
have to check what policies are loaded by default, which can be found
in /share/bro/base under Bro's installation directory (not the source code
directory).


On Thu, Sep 13, 2012 at 5:56 PM, keqhe at cs.wisc.edu <keqhe at cs.wisc.edu> wrote:

> Hello Everyone:
>
> I set up Bro-2.1 and DataSeries to do trace analysis. I am not sure
> whether Bro-2.1 can identify (using default configuration) application
> layer protocols such as DCE_RPC, DNS, Finger, Gnutella, FTP, HTTP, Ident,
> IRC, NetbiosSSN, NCP, NFS, NTP, POP3, Portmapper, RPC, RSH, Rlogin, SMB,
> SSH, SSL, SMTP, Telnet as specified on Bro IDS' wiki? Or can it only
> identify some of the listed protocols?
>
> Could you please help me?
> Thank you!
>



-- 
Hui Lin
PhD Candidate, Research Assistant
Electrical and Computer Engineering Department
University of Illinois at Urbana-Champaign
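
The check described in the reply above (look at the scripts under share/bro/base to see which analyzers are activated and which have event handlers), as an added example that is not part of the original post or of the Bro project. It assumes the Bro 2.x base scripts activate analyzers through `redef dpd_config` entries keyed by `ANALYZER_*` tags; the function names and the sample scripts are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

TAG_RE = re.compile(r"\bANALYZER_[A-Z0-9_]+\b")          # analyzer tags, e.g. in dpd_config
EVENT_RE = re.compile(r"^\s*event\s+([\w:]+)\s*\(", re.M)  # event handler definitions
COMMENT_RE = re.compile(r"#.*")                           # crude: also cuts '#' inside strings

def survey_base_scripts(base_dir):
    """Per script directory: analyzer tags referenced and event handlers defined."""
    report = defaultdict(lambda: {"analyzers": set(), "handlers": set()})
    for root, _dirs, files in os.walk(base_dir):
        for name in files:
            if not name.endswith(".bro"):
                continue
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = COMMENT_RE.sub("", fh.read())
            entry = report[os.path.relpath(root, base_dir).replace(os.sep, "/")]
            entry["analyzers"].update(TAG_RE.findall(text))
            entry["handlers"].update(EVENT_RE.findall(text))
    return {d: e for d, e in report.items() if e["analyzers"] or e["handlers"]}

# Constructed, abbreviated sample scripts (not copied from a Bro release).
SAMPLE_SCRIPTS = {
    "protocols/http/main.bro":
        "global ports = { 80/tcp, 8080/tcp };\n"
        "redef dpd_config += { [[ANALYZER_HTTP, ANALYZER_HTTP_BINPAC]] = [$ports = ports] };\n"
        "event http_request(c: connection, method: string) &priority=5 { }\n",
    "protocols/conn/main.bro":
        "# redef dpd_config += { [ANALYZER_EXAMPLE] = [$ports = ports] };  (disabled)\n"
        "event connection_state_remove(c: connection) { }\n",
}

def build_sample_tree(root):
    """Write SAMPLE_SCRIPTS under root so the survey can run offline."""
    for rel, body in SAMPLE_SCRIPTS.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

def survey_sample():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return survey_base_scripts(tmp)

if __name__ == "__main__":
    for directory, entry in sorted(survey_sample().items()):
        print(directory, sorted(entry["analyzers"]), sorted(entry["handlers"]))
```

To survey a real installation, call `survey_base_scripts()` on the share/bro/base directory under the Bro install prefix; a directory that lists analyzer tags but no handlers is the case the reply warns about.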