[Bro] what application layer protocols could Bro-2.1 identify using its default configuration?

keqhe at cs.wisc.edu keqhe at cs.wisc.edu
Wed Sep 19 09:03:32 PDT 2012


Hi, Hui:

Thank you very much for your information!
>
> On Wed, Sep 19, 2012 at 9:05 AM, Hui Lin (Hugo) <hlin33 at illinois.edu>
> wrote:
>
>> The answer to your question can be very complex.
>>
>> First, Bro's application layer analyzers can be written in binpac or
>> directly in C++ (in src, the *.pac files are the binpac scripts, so you
>> can tell which analyzers are written in binpac). Most analyzers developed
>> in the early stage are written directly in C++; for that code, I am not
>> quite sure how they are enabled. For binpac analyzers, there are three
>> ways of enabling an analyzer, which can be found in
>> http://www.bro-ids.org/development/dpd.html (Determining Analyzer
>> Activation).
>>
>> Even if the binpac analyzer is always enabled, it may not be working if
>> you don't define any event handler related to this analyzer. As a
>> result, you have to check what policies are loaded by default, which
>> can be found in /share/bro/base under Bro's installation directory (not
>> the source code directory).
>>
>>
>> On Thu, Sep 13, 2012 at 5:56 PM, keqhe at cs.wisc.edu
>> <keqhe at cs.wisc.edu> wrote:
>>
>>> Hello Everyone:
>>>
>>> I set up Bro-2.1 and DataSeries to do trace analysis. I am not sure
>>> whether Bro-2.1 can identify (using default configuration) application
>>> layer protocols such as DCE_RPC, DNS, Finger, Gnutella, FTP, HTTP,
>>> Ident, IRC, NetbiosSSN, NCP, NFS, NTP, POP3, Portmapper, RPC, RSH,
>>> Rlogin, SMB, SSH, SSL, SMTP, Telnet as specified on the Bro IDS wiki?
>>> Or can it only identify some of the listed protocols?
>>>
>>> Could you please help me?
>>> Thank you!
>>>
>> --
>> Hui Lin
>> PhD Candidate, Research Assistant
>> Electrical and Computer Engineering Department
>> University of Illinois at Urbana-Champaign
>>
>>
>
>
> --
> Keqiang He
> Dept. of Computer Sciences, University of Wisconsin-Madison
> Madison, WI 53706
>
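
One way to carry out the check described in the quoted reply (an added example, not part of the original thread and not Bro project code): walk the installed share/bro/base tree and list which analyzers its scripts and signature files reference. It assumes that scripts name analyzers with `ANALYZER_<NAME>` tags and that signature files activate them with `enable "<name>"`; the sample tree is constructed for illustration, and comment stripping is approximate.

```python
import re
import tempfile
from pathlib import Path

# Assumed conventions (not stated in the thread): scripts name analyzers with
# ANALYZER_<NAME> tags and signature files activate them with enable "<name>".
TAG_RE = re.compile(r"\bANALYZER_([A-Z0-9_]+)\b")
SIG_RE = re.compile(r'^\s*enable\s+"([^"]+)"', re.MULTILINE)
COMMENT_RE = re.compile(r"#.*")  # approximate: also cuts a '#' inside a string


def referenced_analyzers(base_dir):
    """Map analyzer name -> sorted list of files under base_dir that reference it."""
    found = {}
    for path in sorted(Path(base_dir).rglob("*")):
        if path.suffix not in (".bro", ".sig") or not path.is_file():
            continue
        # Drop comments so an analyzer that is only mentioned is not counted.
        text = COMMENT_RE.sub("", path.read_text(errors="replace"))
        pattern = TAG_RE if path.suffix == ".bro" else SIG_RE
        rel = path.relative_to(base_dir).as_posix()
        for name in pattern.findall(text):
            found.setdefault(name.upper(), set()).add(rel)
    return {name: sorted(files) for name, files in sorted(found.items())}


def build_sample_tree(root):
    """Constructed sample files standing in for <prefix>/share/bro/base."""
    samples = {
        "protocols/http/main.bro":
            "redef dpd_config += { [ANALYZER_HTTP] = [$ports = ports] };\n",
        "protocols/ssh/main.bro":
            "# ANALYZER_FTP is only mentioned in this comment\n"
            "redef dpd_config += { [ANALYZER_SSH] = [$ports = ports] };\n",
        "frameworks/dpd/dpd.sig":
            'signature dpd_http_client {\n  ip-proto == tcp\n  enable "http"\n}\n',
    }
    for rel, body in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for name, files in referenced_analyzers(tmp).items():
            print(f"{name:10s} {', '.join(files)}")
```

Against a real installation, pass the share/bro/base directory under the install prefix to `referenced_analyzers`. A listed analyzer is only referenced by those files; as the reply notes, it still produces nothing unless an event handler for it is defined.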
