[Bro] Integrating WiFi Analyzer within Bro

pratik inamdar pratikinamdar at gmail.com
Fri Mar 25 10:10:13 PDT 2016


So just to verify if I understood it correctly.

You mean to say that all the protocols on or above the Transport Layer ONLY
should be able to use Bro BinPac?

Thanks,
Pratik Inamdar
On Mar 25, 2016 10:06, "Johanna Amann" <johanna at icir.org> wrote:

> Hi,
>
> the answer is the same for all protocols that are underneath tcp/udp. You
> will have to change the core for any of them. If you have an IoT protocol
> that works over UDP/TCP, you should be able to use BinPac alone.
>
> Johanna
>
> On 25 Mar 2016, at 9:55, pratik inamdar wrote:
>
>> Hi,
>>
>> Thank you for the prompt response!
>>
>> My task is to write an analyzer in bro using BinPac for an IoT protocol. I
>> have already written analyzers for application layer protocols namely MQTT
>> and AMQP.
>>
>> Now I wish to write an analyzer for an IoT protocol which does not fall in
>> the application layer.
>>
>> The IoT protocol should be able to use Bro BinPac language. Could you
>> please suggest me one?
>>
>> Thanks,
>> Pratik Inamdar
>> On Mar 25, 2016 09:48, "Johanna Amann" <johanna at icir.org> wrote:
>>
>>> Hello Pratik,
>>>
>>> I think the answer stays the same - if I understand things correctly, you
>>> have to implement IEEE 802.15.4, which is a lower level protocol, which
>>> currently cannot be implemented with just BinPAC and needs core changes
>>> (probably in src/iosource/Packet.cc and others). There are currently no
>>> examples for that, besides the existing code.
>>>
>>> Johanna
>>>
>>> On 25 Mar 2016, at 9:40, pratik inamdar wrote:
>>>
>>>> Hi Vlad,
>>>>
>>>> Hope you are doing good!
>>>>
>>>> I chose to switch the protocol. So now I am writing an analyzer for
>>>> 6LoWPAN
>>>> instead of WiFi.
>>>>
>>>> Quick question:
>>>>
>>>> Will I be able to successfully use BinPac to write an analyzer for
>>>> 6LoWPAN?
>>>>
>>>> Also, if possible, please guide me with some key points to remember
>>>> while
>>>> writing analyzer for 6LoWPAN.
>>>>
>>>> Your help will be greatly appreciated!
>>>>
>>>> Thanks,
>>>> Pratik Inamdar
>>>>
>>>> On Mon, Mar 21, 2016 at 8:28 AM, Vlad Grigorescu <vladg at illinois.edu>
>>>> wrote:
>>>>
>>>>> Unfortunately, there is no way to implement lower level protocols with
>>>>> BinPAC quickstart right now. Similarly, we don't have any examples of a
>>>>> BinPAC lower-level analyzer if you were to do it manually.
>>>>>
>>>>> If you are able to get it working, I'd certainly be interested in how
>>>>> you did it, and would look at adding it to binpac_quickstart.
>>>>>
>>>>>   --Vlad
>>>>>
>>>>> pratik inamdar <pratikinamdar at gmail.com> writes:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> In my project, I am integrating a WiFi protocol analyzer with bro to
>>>>>> parse and monitor WiFi packets header information.
>>>>>>
>>>>>> I am using BinPac to generate template for the WiFi protocol analyzer
>>>>>> in
>>>>>> the src/analyzer/protocol directory.
>>>>>>
>>>>>> As per my knowledge WiFi(802.11) is not a TCP type of protocol. So I
>>>>>> wish
>>>>>> to know what should I use instead of the option "--tcp" while using
>>>>>> the
>>>>>> command:
>>>>>>
>>>>>> python start.py WiFi "WiFi Protocol" ../bro --tcp
>>>>>>
>>>>>> Any help will be really appreciated!
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Thanks & Regards.
>>>>>>
>>>>>> Pratik Inamdar
>>>>>> _______________________________________________
>>>>>> Bro mailing list
>>>>>> bro at bro-ids.org
>>>>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>> --
>>>>
>>>> Thanks & Regards.
>>>>
>>>> Pratik Inamdar