[Bro] Integrating WiFi Analyzer within Bro

pratik inamdar pratikinamdar at gmail.com
Fri Mar 25 10:32:02 PDT 2016


If what I said in my previous email is correct, then why was I able to
integrate a RIP (Routing Information Protocol) analyzer with Bro? RIP is a
network layer protocol which lies below the Transport Layer.

Similarly, 6LoWPAN is another name for IPv6 and is used for low-powered
devices. If I was able to integrate RIP, do you think I will be able to
integrate 6LoWPAN?

Thanks,
Pratik Inamdar
On Mar 25, 2016 10:10, "pratik inamdar" <pratikinamdar at gmail.com> wrote:

> So just to verify if I understood it correctly.
>
> You mean to say that all the protocols on or above the Transport Layer
> ONLY should be able to use Bro BinPac?
>
> Thanks,
> Pratik Inamdar
> On Mar 25, 2016 10:06, "Johanna Amann" <johanna at icir.org> wrote:
>
>> Hi,
>>
>> the answer is the same for all protocols that are underneath tcp/udp. You
>> will have to change the core for any of them. If you have an IoT protocol
>> that works over UDP/TCP, you should be able to use BinPac alone.
>>
>> Johanna
>>
>> On 25 Mar 2016, at 9:55, pratik inamdar wrote:
>>
>>> Hi,
>>>
>>> Thank you for the prompt response!
>>>
>>> My task is to write an analyzer in Bro using BinPac for an IoT protocol. I
>>> have already written analyzers for application layer protocols, namely MQTT
>>> and AMQP.
>>>
>>> Now I wish to write an analyzer for an IoT protocol which does not fall in
>>> the application layer.
>>>
>>> The IoT protocol should be able to use Bro BinPac language. Could you
>>> please suggest one to me?
>>>
>>> Thanks,
>>> Pratik Inamdar
>>> On Mar 25, 2016 09:48, "Johanna Amann" <johanna at icir.org> wrote:
>>>
>>>> Hello Pratik,
>>>>
>>>> I think the answer stays the same - if I understand things correctly, you
>>>> have to implement IEEE 802.15.4, which is a lower level protocol, which
>>>> currently cannot be implemented with just BinPAC and needs core changes
>>>> (probably in src/iosource/Packet.cc and others). There are currently no
>>>> examples for that, besides the existing code.
>>>>
>>>> Johanna
>>>>
>>>> On 25 Mar 2016, at 9:40, pratik inamdar wrote:
>>>>
>>>>> Hi Vlad,
>>>>>
>>>>> Hope you are doing good!
>>>>>
>>>>> I chose to switch the protocol. So now I am writing an analyzer for 6LoWPAN
>>>>> instead of WiFi.
>>>>>
>>>>> Quick question:
>>>>>
>>>>> Will I be able to successfully use BinPac to write an analyzer for 6LoWPAN?
>>>>>
>>>>> Also, if possible, please guide me with some key points to remember while
>>>>> writing an analyzer for 6LoWPAN.
>>>>>
>>>>> Your help will be greatly appreciated!
>>>>>
>>>>> Thanks,
>>>>> Pratik Inamdar
>>>>>
>>>>> On Mon, Mar 21, 2016 at 8:28 AM, Vlad Grigorescu <vladg at illinois.edu> wrote:
>>>>>
>>>>>> Unfortunately, there is no way to implement lower level protocols with
>>>>>> BinPAC quickstart right now. Similarly, we don't have any examples of a
>>>>>> BinPAC lower-level analyzer if you were to do it manually.
>>>>>>
>>>>>> If you are able to get it working, I'd certainly be interested in how
>>>>>> you did it, and would look at adding it to binpac_quickstart.
>>>>>>
>>>>>>   --Vlad
>>>>>>
>>>>>> pratik inamdar <pratikinamdar at gmail.com> writes:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> In my project, I am integrating a WiFi protocol analyzer with Bro to parse
>>>>>>> and monitor WiFi packets header information.
>>>>>>>
>>>>>>> I am using BinPac to generate a template for the WiFi protocol analyzer in
>>>>>>> the src/analyzer/protocol directory.
>>>>>>>
>>>>>>> As per my knowledge, WiFi (802.11) is not a TCP type of protocol. So I wish
>>>>>>> to know what I should use instead of the option "--tcp" while using the
>>>>>>> command:
>>>>>>>
>>>>>>> python start.py WiFi "WiFi Protocol" ../bro --tcp
>>>>>>>
>>>>>>> Any help will be really appreciated!
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Thanks & Regards.
>>>>>>>
>>>>>>> Pratik Inamdar
>>>>>>> _______________________________________________
>>>>>>> Bro mailing list
>>>>>>> bro at bro-ids.org
>>>>>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Thanks & Regards.
>>>>>
>>>>> Pratik Inamdar