[Bro] BitTorrent protocol analyzer help
Seth Hall
seth at icir.org
Mon Oct 6 20:42:15 PDT 2014
On Oct 6, 2014, at 10:07 PM, Nick Pratley <npratley at redhat.com> wrote:
> Hi, I need some help with the BitTorrent protocol analyzer. My aim is to log info_hash values for
> files downloaded over bittorrent.
The bittorrent analyzer has undergone some bitrot and doesn't currently have scripts that enable it.
> I can see bittorrent-related events in base/bif/plugins/Bro_BitTorrent.events.bif.bro but these
> events don't seem to be getting raised.
If you look at the base scripts for other protocols, you will see where the analyzer is attached to connections by a port heuristic or by a signature heuristic in the accompanying .sig file (in scripts/base/protocols/xxx/).
�
Generally, unless you're prepared to do some heavier core and scriptland work, bittorrent isn't going to be something you can just use right now.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list