[Bro] Protocol Analyzer Template

Vlad Grigorescu vlad at grigorescu.org
Fri Aug 22 11:28:15 PDT 2014


Hi Jason,

The scripts are available here:
https://github.com/grigorescu/binpac_quickstart

Please note that these won't work with current git master, due to the
recently added plugin support (more specifically, the files that are
generated are correct, just the paths are wrong).

It will work with Bro 2.3, though. Updating this to work with master is on
my todo list.

  --Vlad


On Fri, Aug 22, 2014 at 12:09 PM, Jason Batchelor <jxbatchelor at gmail.com>
wrote:

> Hello:
>
> I am interested in writing a protocol analyzer, however, I really did not
> know exactly where to start.
>
> I checked out the presentation here:
> https://www.youtube.com/watch?v=1eDIl9y6ZnM
>
> It was fantastic, and helped me understand more about what the
> requirements are.
>
> Toward the end of the presentation there is mention of a script that
> auto-generates the basic files you need to create your analyzer. Unfortunately,
> the deck states it is yet to be released. Does anyone know if this has
> happened yet?
>
> Additionally, I noticed that some of the directories/files the presenter
> mentions are not present in my installation. For example:
>
> src/analyzers/protocol (not present)
>
> I do not see any .pac files either.
>
> I may be (likely) missing something. If so, please kindly point it out to
> me. If not, were there changes made that would make much of the location
> information provided in the presentation irrelevant? Could someone kindly
> issue a refresher or point me to one?
>
> Many thanks,
> Jason