[Bro] Protocols in protocols

Thomas, Eric D edthoma at sandia.gov
Wed Mar 26 09:49:27 PDT 2014


Hello,

I’m writing an analyzer for a few protocols which may or may not be layered. That is, a packet may be IP|TCP|ProtoA|ProtoB, or IP|TCP|ProtoC|ProtoB, or IP|TCP|ProtoB, and perhaps other variations. I envision writing separate protocol analyzers for each of those protocols instead of having to account for all the variations in one protocol analyzer. Does Bro/binPAC allow for this, and if so how? If it makes a difference, in this case most of the protocols cannot have useful DPD signatures.
--
Eric Thomas
edthoma at sandia.gov