[Bro] Integrating WiFi Analyzer within Bro

Johanna Amann johanna at icir.org
Fri Mar 25 10:06:06 PDT 2016


Hi,

the answer is the same for all protocols that are underneath tcp/udp. 
You will have to change the core for any of them. If you have an IoT 
protocol that works over UDP/TCP, you should be able to use BinPac 
alone.

Johanna

On 25 Mar 2016, at 9:55, pratik inamdar wrote:

> Hi,
>
> Thank you for the prompt response!
>
> My task is to write an analyzer in bro using BinPac for an IoT protocol. I
> have already written analyzers for application layer protocols namely MQTT
> and AMQP.
>
> Now I wish to write an analyzer for an IoT protocol which does not fall in
> the application layer.
>
> The IoT protocol should be able to use Bro BinPac language. Could you
> please suggest me one?
>
> Thanks,
> Pratik Inamdar
> On Mar 25, 2016 09:48, "Johanna Amann" <johanna at icir.org> wrote:
>
>> Hello Pratik,
>>
>> I think the answer stays the same - if I understand things correctly, you
>> have to implement IEEE 802.15.4, which is a lower level protocol, which
>> currently cannot be implemented with just BinPAC and needs core changes
>> (probably in src/iosource/Packet.cc and others). There are currently no
>> examples for that, besides the existing code.
>>
>> Johanna
>>
>> On 25 Mar 2016, at 9:40, pratik inamdar wrote:
>>
>>> Hi Vlad,
>>>
>>> Hope you are doing good!
>>>
>>> I chose to switch the protocol. So now I am writing an analyzer for
>>> 6LoWPAN instead of WiFi.
>>>
>>> Quick question:
>>>
>>> Will I be able to successfully use BinPac to write an analyzer for
>>> 6LoWPAN?
>>>
>>> Also, if possible, please guide me with some key points to remember while
>>> writing analyzer for 6LoWPAN.
>>>
>>> Your help will be greatly appreciated!
>>>
>>> Thanks,
>>> Pratik Inamdar
>>>
>>> On Mon, Mar 21, 2016 at 8:28 AM, Vlad Grigorescu <vladg at illinois.edu>
>>> wrote:
>>>
>>>> Unfortunately, there is no way to implement lower level protocols with
>>>> BinPAC quickstart right now. Similarly, we don't have any examples of a
>>>> BinPAC lower-level analyzer if you were to do it manually.
>>>>
>>>> If you are able to get it working, I'd certainly be interested in how
>>>> you did it, and would look at adding it to binpac_quickstart.
>>>>
>>>>   --Vlad
>>>>
>>>> pratik inamdar <pratikinamdar at gmail.com> writes:
>>>>
>>>>> Hi,
>>>>>
>>>>> In my project, I am integrating a WiFi protocol analyzer with bro to
>>>>> parse and monitor WiFi packets header information.
>>>>>
>>>>> I am using BinPac to generate template for the WiFi protocol analyzer in
>>>>> the src/analyzer/protocol directory.
>>>>>
>>>>> As per my knowledge WiFi(802.11) is not a TCP type of protocol. So I
>>>>> wish to know what should I use instead of the option "--tcp" while using
>>>>> the command:
>>>>>
>>>>> python start.py WiFi "WiFi Protocol" ../bro --tcp
>>>>>
>>>>> Any help will be really appreciated!
>>>>>
>>>>> --
>>>>>
>>>>> Thanks & Regards.
>>>>>
>>>>> Pratik Inamdar
>>>>> _______________________________________________
>>>>> Bro mailing list
>>>>> bro at bro-ids.org
>>>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> Thanks & Regards.
>>>
>>> Pratik Inamdar
>>>
>>

