[Bro] DPD with BinPAC++

Peter Hansen pch66 at cornell.edu
Fri Jun 12 08:12:03 PDT 2015


Hello, and thank you for your answer.

I think I have gotten it working, except for one thing. My detector only
triggers on the specific type of traffic I am attempting to track, even if
the different types of data are on the same port, but for some reason it
only works when I specify one or more ports; when I leave the port blank,
it doesn't detect it at all. Is there a way to specify that it should
listen on all ports?

Thanks,
Peter

On Wed, Jun 10, 2015 at 5:53 PM, Robin Sommer <robin at icir.org> wrote:

>
>
> On Wed, Jun 10, 2015 at 17:27 -0400, Peter Hansen wrote:
>
> > I am currently working with BinPAC++ to write detectors for various
> > protocols, and I am attempting to use Dynamic Protocol Detection in them,
> > but I cannot find documentation on how to implement it.
>
> There's a function to call at the time you consider the protocol
> detected: Bro::dpd_confirm(). See bro/pac2/http.pac2 for an example.
>
> Robin
>
> --
> Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin
>
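As an added illustration of Robin's pointer (this is not code from the thread or from Bro's own pac2 directory; bro/pac2/http.pac2 remains the authoritative reference), here is a minimal BinPAC++ grammar for a hypothetical line-based protocol that calls Bro::dpd_confirm() once a complete, well-formed request line has been parsed. The protocol name FOO, the unit names and the regular expressions are invented for the example, and the syntax follows the 2015-era BinPAC++/HILTI integration as I recall it, so treat the exact spelling as an assumption to be checked against http.pac2.

```spicy
# foo.pac2 -- added example, not part of the original thread or of Bro.
# Hypothetical line-based protocol "FOO": a request line is an upper-case
# command token, whitespace, a version tag "FOO/x.y" and a newline.
# All names below are invented for illustration.
module FOO;

import Bro;

const Token      = /[A-Z]+/;
const WhiteSpace = /[ \t]+/;
const NewLine    = /\r?\n/;

# Top-level unit the .evt file points the originator side at.
export type Requests = unit {
    : list<Request>;
};

type Request = unit {
    cmd:     Token;
    :        WhiteSpace;
    version: Version;
    :        NewLine;

    # Confirm the protocol only after the whole request line parsed cleanly.
    # Confirming earlier (say, after the first token) would let unrelated
    # traffic that merely starts with a capitalised word keep this analyzer
    # attached, and Bro would then stop considering other candidates.
    on %done {
        Bro::dpd_confirm();
    }
};

type Version = unit {
    :       /FOO\//;
    number: /[0-9]+\.[0-9]+/;
};
```

Two caveats worth keeping in mind with this pattern. First, place the dpd_confirm() call where a parse failure is still possible before it: a %done hook on a unit that has only consumed a single byte confirms far too eagerly, and a confirmed-but-wrong analyzer suppresses Bro's other guesses for that connection. Second, dpd_confirm() only reports that an analyzer which is already attached to a connection has recognised its protocol; which analyzers get attached in the first place is decided elsewhere (the port registrations in the analyzer's .evt stanza, or DPD signatures for analyzers that have them), so confirming inside the grammar does not by itself make the grammar run on ports it was never registered for.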