[Bro] Control flow

Prateek Gupta prateekgupta.3991 at gmail.com
Wed Jan 22 09:25:18 PST 2014


Hello developers,
I am a Bachelor of Engineering student from India and am doing a project in
bro-IDS for network analysis and scripts for interesting data.
I need to understand the workflow of Bro from the packet capture stage to the
final logging stage, with reference to the order in which the activities
occur in Bro for the HTTP protocol.
This is the understanding that I have developed; please correct me if I
am wrong.
As far as I have understood, Bro first takes in a pcap file and
init-bare.bro extracts the information from it using the framework for
protocol-independent data. This data is supplied to the corresponding
protocol, which acts on it for the relevant data and generates events, which
are handled by the event handlers; these handlers take actions such as
notices or logging.
My question is: what is the mechanism for analysing the packets, and in what
order is the Bro code sequenced?
Hope to get a reply soon!

Regards,
Prateek Gupta
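The stages the question asks about can be seen end to end in a small Bro script. In Bro, the core's protocol analyzers (here the HTTP analyzer, running over traffic read from a pcap or a live interface) generate events such as http_request, and handlers written in the script language act on them, for example by writing a record to a stream through the logging framework. The script below is an added illustration of that event-to-log path, not code from the original post or from the Bro project; the module name HTTPDemo, the Info record, its field names and the stream ID are all chosen here for illustration.

```bro
# Added example: one event handler per pipeline stage that the question describes.
# Load with: bro -r trace.pcap http_demo.bro   (trace.pcap is any capture with HTTP)
module HTTPDemo;

export {
    # Declare a logging stream of our own (name chosen for this example).
    redef enum Log::ID += { LOG };

    # One row per logged HTTP request; &log marks the fields that reach the file.
    type Info: record {
        ts:     time   &log;   # when the request was seen (network time, not wall clock)
        uid:    string &log;   # connection identifier, joins against conn.log
        method: string &log;   # HTTP method from the request line
        uri:    string &log;   # request URI after Bro has unescaped it
    };
}

# Stage 1: bro_init fires once at startup, before any packet is processed.
# This is where the stream is registered with the logging framework.
event bro_init()
    {
    Log::create_stream(HTTPDemo::LOG, [$columns=Info]);
    }

# Stage 2: the HTTP analyzer raises http_request once it has parsed a request
# line out of the reassembled TCP stream; the arguments are filled in by the core.
event http_request(c: connection, method: string, original_URI: string,
                   unescaped_URI: string, version: string)
    {
    # Stage 3: the handler decides what to do; here it hands a record to the
    # logging framework, which buffers and writes it to the stream's file.
    Log::write(HTTPDemo::LOG, [$ts=network_time(),
                               $uid=c$uid,
                               $method=method,
                               $uri=unescaped_URI]);
    }

# Stage 4: bro_done fires after the last packet, when all logs are flushed.
event bro_done()
    {
    print "HTTPDemo: finished processing input";
    }
```

Running it over a capture produces a file for the new stream next to the standard conn.log and http.log. Reading the script top to bottom mirrors the order of execution: bro_init, then one http_request per request the analyzer sees, then bro_done; the packet decoding, TCP reassembly and HTTP parsing that precede each event happen inside the core rather than in any script.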