[Bro] Writing a new analyzer

Kyle Creyts kyle.creyts at gmail.com
Tue Mar 25 10:56:30 PDT 2014


+1.

A tutorial/workshop on the subject would be very interesting to me.

On Tue, Mar 25, 2014 at 10:37 AM, Thomas, Eric D <edthoma at sandia.gov> wrote:
> Hello, I'd like to write a protocol analyzer, but I don't know where to
> begin. Is BinPAC the recommended method? The documentation for BinPAC
> describes mostly types, so it's not enough to get me started. I looked at
> some of the protocols that have .pac files and it's way over my head at this
> stage. I found the BinPAC Sample Analyzer, which it appears might be
> applicable mostly to Bro 1.X. Any other resources that could help?
> --
> Eric Thomas
> edthoma at sandia.gov



-- 
Kyle Creyts

Information Assurance Professional
Founder BSidesDetroit


