[Bro] [EXTERNAL] Re: Writing a new analyzer
Thomas, Eric D
edthoma at sandia.gov
Tue Mar 25 15:30:20 PDT 2014
Already a big help, thanks!
--
Eric Thomas
edthoma at sandia.gov
On 3/25/14, 11:57 AM, "Vlad Grigorescu" <vladg at cmu.edu> wrote:
>Hi,
>
>Please see:
>http://www.bro.org/development/howtos/binpac-sample-analyzer.html and the
>presentation I gave on this at the last Bro Exchange:
>https://www.youtube.com/watch?v=l44MqU0l6M8&feature=youtu.be My
>binpac-quickstart script is at:
>https://github.com/grigorescu/binpac_quickstart
>
>If you have any specific questions, throw them out to this list and we'll
>see if we can help.
>
> --Vlad
>
>On Mar 25, 2014, at 1:56 PM, Kyle Creyts <kyle.creyts at gmail.com> wrote:
>
>> +1.
>>
>> A tutorial/workshop on the subject would be very interesting to me.
>>
>> On Tue, Mar 25, 2014 at 10:37 AM, Thomas, Eric D <edthoma at sandia.gov> wrote:
>>> Hello, I'd like to write a protocol analyzer, but I don't know where to
>>> begin. Is BinPAC the recommended method? The documentation for BinPAC
>>> describes mostly types, so it's not enough to get me started. I looked at
>>> some of the protocols that have .pac files and it's way over my head at this
>>> stage. I found the BinPAC Sample Analyzer, which appears might be applicable
>>> mostly to Bro 1.X. Any other resources that could help?
>>> --
>>> Eric Thomas
>>> edthoma at sandia.gov
>>>
>>> _______________________________________________
>>> Bro mailing list
>>> bro at bro-ids.org
>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>>
>>
>> --
>> Kyle Creyts
>>
>> Information Assurance Professional
>> Founder BSidesDetroit
>