[Bro] Integrating WiFi Analyzer within Bro

Johanna Amann johanna at icir.org
Fri Mar 25 10:37:10 PDT 2016


It is as I said - there is a straightforward way to implement everything 
above TCP/UDP with BinPac. RIP is not below the transport layer - it 
uses UDP as its transport protocol.

Johanna

On 25 Mar 2016, at 10:32, pratik inamdar wrote:

> If what I said in my previous email is correct then why was I able to
> integrate RIP (Routing Information Protocol) analyzer with bro? RIP is a
> network layer protocol which lies below Transport Layer.
>
> Similarly, 6LoWPAN is another name for IPV6 and is used for Low powered
> devices. If I was able to integrate RIP, do you think I will be able to
> integrate 6LoWPAN?
>
> Thanks,
> Pratik Inamdar
> On Mar 25, 2016 10:10, "pratik inamdar" <pratikinamdar at gmail.com> wrote:
>
>> So just to verify if I understood it correctly.
>>
>> You mean to say that all the protocols on or above the Transport Layer
>> ONLY should be able to use Bro BinPac?
>>
>> Thanks,
>> Pratik Inamdar
>> On Mar 25, 2016 10:06, "Johanna Amann" <johanna at icir.org> wrote:
>>
>>> Hi,
>>>
>>> the answer is the same for all protocols that are underneath tcp/udp. You
>>> will have to change the core for any of them. If you have an IoT protocol
>>> that works over UDP/TCP, you should be able to use BinPac alone.
>>>
>>> Johanna
>>>
>>> On 25 Mar 2016, at 9:55, pratik inamdar wrote:
>>>
>>>> Hi,
>>>>
>>>> Thank you for the prompt response!
>>>>
>>>> My task is to write an analyzer in bro using BinPac for an IoT protocol. I
>>>> have already written analyzers for application layer protocols namely MQTT
>>>> and AMQP.
>>>>
>>>> Now I wish to write an analyzer for an IoT protocol which does not fall in
>>>> the application layer.
>>>>
>>>> The IoT protocol should be able to use Bro BinPac language. Could you
>>>> please suggest me one?
>>>>
>>>> Thanks,
>>>> Pratik Inamdar
>>>> On Mar 25, 2016 09:48, "Johanna Amann" <johanna at icir.org> wrote:
>>>>
>>>>> Hello Pratik,
>>>>>
>>>>> I think the answer stays the same - if I understand things correctly, you
>>>>> have to implement IEEE 802.15.4, which is a lower level protocol, which
>>>>> currently cannot be implemented with just BinPAC and needs core changes
>>>>> (probably in src/iosource/Packet.cc and others). There are currently no
>>>>> examples for that, besides the existing code.
>>>>>
>>>>> Johanna
>>>>>
>>>>> On 25 Mar 2016, at 9:40, pratik inamdar wrote:
>>>>>
>>>>>> Hi Vlad,
>>>>>>
>>>>>> Hope you are doing good!
>>>>>>
>>>>>> I chose to switch the protocol. So now I am writing an analyzer for 6LoWPAN
>>>>>> instead of WiFi.
>>>>>>
>>>>>> Quick question:
>>>>>>
>>>>>> Will I be able to successfully use BinPac to write an analyzer for 6LoWPAN?
>>>>>>
>>>>>> Also, if possible, please guide me with some key points to remember while
>>>>>> writing analyzer for 6LoWPAN.
>>>>>>
>>>>>> Your help will be greatly appreciated!
>>>>>>
>>>>>> Thanks,
>>>>>> Pratik Inamdar
>>>>>>
>>>>>> On Mon, Mar 21, 2016 at 8:28 AM, Vlad Grigorescu <vladg at illinois.edu> wrote:
>>>>>>
>>>>>>> Unfortunately, there is no way to implement lower level protocols with
>>>>>>> BinPAC quickstart right now. Similarly, we don't have any examples of a
>>>>>>> BinPAC lower-level analyzer if you were to do it manually.
>>>>>>>
>>>>>>> If you are able to get it working, I'd certainly be interested in how
>>>>>>> you did it, and would look at adding it to binpac_quickstart.
>>>>>>>
>>>>>>>   --Vlad
>>>>>>>
>>>>>>> pratik inamdar <pratikinamdar at gmail.com> writes:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> In my project, I am integrating a WiFi protocol analyzer with bro to parse
>>>>>>>> and monitor WiFi packets header information.
>>>>>>>>
>>>>>>>> I am using BinPac to generate template for the WiFi protocol analyzer in
>>>>>>>> the src/analyzer/protocol directory.
>>>>>>>>
>>>>>>>> As per my knowledge WiFi(802.11) is not a TCP type of protocol. So I wish
>>>>>>>> to know what should I use instead of the option "--tcp" while using the
>>>>>>>> command:
>>>>>>>>
>>>>>>>> python start.py WiFi "WiFi Protocol" ../bro --tcp
>>>>>>>>
>>>>>>>> Any help will be really appreciated!
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> Thanks & Regards.
>>>>>>>>
>>>>>>>> Pratik Inamdar
>>>>>>>> _______________________________________________
>>>>>>>> Bro mailing list
>>>>>>>> bro at bro-ids.org
>>>>>>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Thanks & Regards.
>>>>>>
>>>>>> Pratik Inamdar
>>>>>>
>>>>>>
>>>>>
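
The layering point made in the reply at the top of this thread, as an added example (not part of the original emails, and not Bro or BinPac code): a constructed RIPv2 message is only reached after the Ethernet, IPv4 and UDP headers are stripped, while a frame carrying IP protocol 89 has no TCP/UDP payload to hand to a transport-level parser. The function names and both sample frames are made up for this illustration.

```python
import socket
import struct

RIP_PORT = 520  # UDP port used by RIP

def transport_payload(frame):
    """Ethernet -> IPv4 -> TCP/UDP. Returns (proto, sport, dport, payload) or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    ip = frame[14:]
    ihl, total, proto = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0], ip[9]
    if ihl < 20:
        return None
    seg = ip[ihl:total]
    if proto == 17 and len(seg) >= 8:
        sport, dport, length = struct.unpack("!HHH", seg[:6])
        return ("udp", sport, dport, seg[8:length])
    if proto == 6 and len(seg) >= 20:
        sport, dport = struct.unpack("!HH", seg[:4])
        return ("tcp", sport, dport, seg[(seg[12] >> 4) * 4:])
    return None  # carried directly on IP (or lower): no transport payload to hand over

def parse_rip(payload):
    """Parse a RIP message from a UDP payload: 4-byte header + 20-byte route entries."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("not a well-formed RIP message")
    command, version, _ = struct.unpack("!BBH", payload[:4])
    routes = []
    for off in range(4, len(payload), 20):
        afi, tag, addr, mask, nhop, metric = struct.unpack("!HH4s4s4sI", payload[off:off + 20])
        routes.append((socket.inet_ntoa(addr), socket.inet_ntoa(mask), metric))
    return {"command": command, "version": version, "routes": routes}

def build_frame(ip_proto, l4):
    """Constructed test frame: Ethernet + IPv4 (checksum left 0, not validated here)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 1, ip_proto, 0,
                     bytes([192, 0, 2, 1]), bytes([224, 0, 0, 9]))
    return b"\xff" * 6 + b"\x02" * 6 + b"\x08\x00" + ip + l4

# Constructed sample: RIPv2 response advertising 10.0.0.0/8 with metric 1.
RIP_MSG = struct.pack("!BBH", 2, 2, 0) + struct.pack(
    "!HH4s4s4sI", 2, 0, bytes([10, 0, 0, 0]), bytes([255, 0, 0, 0]), bytes(4), 1)
RIP_FRAME = build_frame(17, struct.pack("!HHHH", RIP_PORT, RIP_PORT, 8 + len(RIP_MSG), 0) + RIP_MSG)
# Constructed sample: IP protocol 89 (OSPF) rides directly on IP, with no TCP/UDP header.
OSPF_FRAME = build_frame(89, bytes(24))

def analyze(frame):
    t = transport_payload(frame)
    if t is None:
        return "below transport layer"
    return parse_rip(t[3]) if t[0] == "udp" and RIP_PORT in t[1:3] else "other " + t[0]
```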

