[Bro] Requesting some pointers- Adding a new protocol to BRO- Facing problems

Vlad Grigorescu vladg at illinois.edu
Mon Mar 21 08:31:13 PDT 2016


Hello,

Our relevant documentation is available at:

https://www.bro.org/development/howtos/dpd.html
https://www.bro.org/development/howtos/binpac-sample-analyzer.html

My guess is that there's an issue with how the analyzer is registered in
the Bro scripts and it's not being attached to the correct traffic. The
DPD write-up should go into detail about that.

  --Vlad

Aniket Savanand <aniketpsavanand at gmail.com> writes:

> Hi
>
> I am trying to write a new protocol, AMQP, for BRO.
> So I wrote analyzer files for AMQP by referring to the existing protocol
> files written in src/analyzer/protocol.
> I built and installed it correctly, and even tried to detect AMQP traffic
> using BRO.
> But in this case BRO does not.
>
> Where would it be wrong? Is it the correct way to add a new protocol/analyzer to
> BRO?
>
> Could you point me in the right direction?
>
> Thanks
> Aniket Savanand
> SJSU, CA
> 669-226-8162
>
> -- 
> *Regards, *
> *Aniket Savanand,*
> *MS Software Engineering 2016,*
> *San Jose State University, CA*
> *Email <aniket.savanand at sjsu.edu> **Cellphone- +1-669-226-8162*
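The script-side registration mentioned in the reply above, as an added example that is not code from either poster or from the Bro project. It assumes the compiled analyzer exposes the tag `Analyzer::ANALYZER_AMQP`; that name and the `AMQP` module name are hypothetical and must match whatever the plugin actually registers.

```bro
# Added example: attach a compiled AMQP analyzer to traffic by port.
# ASSUMPTION: the C++/BinPAC side registers a component whose tag is
# Analyzer::ANALYZER_AMQP. If the tag name differs, this script will not load.
module AMQP;

export {
	# 5672/tcp is the IANA-registered AMQP port; &redef lets a site override it.
	const ports = { 5672/tcp } &redef;
}

# Lets Bro orient the connection correctly when it sees traffic mid-stream.
redef likely_server_ports += { ports };

event bro_init() &priority=5
	{
	# Without this call (or a DPD signature that enables the analyzer),
	# the analyzer is built and installed but never sees a single packet.
	if ( ! Analyzer::register_for_ports(Analyzer::ANALYZER_AMQP, ports) )
		Reporter::warning("AMQP analyzer could not be registered for its ports");
	}
```

If no events fire with this script loaded, check whether the connections in conn.log show the analyzer in the `service` field; an empty field means the analyzer was never attached or never confirmed the protocol.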