[Bro] BitTorrent protocol analyzer help

Nick Pratley npratley at redhat.com
Tue Oct 7 15:24:59 PDT 2014


Hi Seth, thanks for the response.

On 10/07/2014 01:42 PM, Seth Hall wrote:
> The bittorrent analyzer has undergone some bitrot and doesn't currently have scripts that enable it.

Curious to know what you mean by bitrot exactly? Was it not complete in the first place, not
maintained to keep up with changes in Bro itself..?


> If you look at the base scripts for other protocols, you will see where the analyzer is attached to connections by a port heuristic or by a signature heuristic in the accompanying .sig file (in scripts/base/protocols/xxx/).
> 
> Generally, unless you're prepared to do some heavier core and scriptland work, bittorrent isn't going to be something you can just use right now.

BitTorrent analysis would be quite useful to me so I'll have a look around. Even if I don't get it
working I should at least learn a bit about Bro :)

- Nick


