[Bro] Triggering events on incomplete PDUs
Rafael Barbosa
rrbarbosa at gmail.com
Wed Apr 22 02:34:55 PDT 2015
Hi,
I am implementing a simple protocol analyzer for DLMS (smart metering
protocol), and I am trying to understand how the events are triggered.
Basically, I am interested in the first few bytes of the PDU, which
identify the types of requests/responses (e.g.: read, write,
authentication, etc). I implemented an analyzer for these bytes based on
the other protocols available, and I am able to trigger some events with
the values I need when parsing an example file.
However, the event only seems to be triggered when the full PDU is
available. This is a big problem because the `snaplen` used for the capture
was quite small, thus most of the PDUs are incomplete.
My question is: Is there a way that I can force an event to be
triggered as soon as the first few bytes are available?
Best,
Rafael Barbosa
Research Consultant
www.encs.eu