[Bro] Integrating WiFi Analyzer within Bro

pratik inamdar pratikinamdar at gmail.com
Fri Mar 25 11:15:43 PDT 2016


I see! So you mean to say that no matter which layer the protocol
itself lies in, ONLY if that protocol uses a port number (TCP/UDP) for
transportation of its packets can I use BinPac to write an
analyzer for it.

Thanks,
Pratik Inamdar
On Mar 25, 2016 10:37, "Johanna Amann" <johanna at icir.org> wrote:

> It is as I said - there is a straightforward way to implement everything
> above TCP/UDP with BinPac. RIP is not below the transport layer - it uses
> UDP as its transport protocol.
>
> Johanna
>
> On 25 Mar 2016, at 10:32, pratik inamdar wrote:
>
>> If what I said in my previous email is correct, then why was I able to
>> integrate the RIP (Routing Information Protocol) analyzer with Bro? RIP is a
>> network layer protocol which lies below the Transport Layer.
>>
>> Similarly, 6LoWPAN is another name for IPv6 and is used for low-powered
>> devices. If I was able to integrate RIP, do you think I will be able to
>> integrate 6LoWPAN?
>>
>> Thanks,
>> Pratik Inamdar
>> On Mar 25, 2016 10:10, "pratik inamdar" <pratikinamdar at gmail.com> wrote:
>>
>>> So just to verify if I understood it correctly.
>>>
>>> You mean to say that all the protocols on or above the Transport Layer
>>> ONLY should be able to use Bro BinPac?
>>>
>>> Thanks,
>>> Pratik Inamdar
>>> On Mar 25, 2016 10:06, "Johanna Amann" <johanna at icir.org> wrote:
>>>
>>>> Hi,
>>>>
>>>> the answer is the same for all protocols that are underneath tcp/udp. You
>>>> will have to change the core for any of them. If you have an IoT protocol
>>>> that works over UDP/TCP, you should be able to use BinPac alone.
>>>>
>>>> Johanna
>>>>
>>>> On 25 Mar 2016, at 9:55, pratik inamdar wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Thank you for the prompt response!
>>>>>
>>>>> My task is to write an analyzer in Bro using BinPac for an IoT protocol. I
>>>>> have already written analyzers for application layer protocols, namely MQTT
>>>>> and AMQP.
>>>>>
>>>>> Now I wish to write an analyzer for an IoT protocol which does not fall in
>>>>> the application layer.
>>>>>
>>>>> The IoT protocol should be able to use the Bro BinPac language. Could you
>>>>> please suggest one?
>>>>>
>>>>> Thanks,
>>>>> Pratik Inamdar
>>>>> On Mar 25, 2016 09:48, "Johanna Amann" <johanna at icir.org> wrote:
>>>>>
>>>>>> Hello Pratik,
>>>>>>
>>>>>> I think the answer stays the same - if I understand things correctly, you
>>>>>> have to implement IEEE 802.15.4, which is a lower level protocol, which
>>>>>> currently cannot be implemented with just BinPAC and needs core changes
>>>>>> (probably in src/iosource/Packet.cc and others). There are currently no
>>>>>> examples for that, besides the existing code.
>>>>>>
>>>>>> Johanna
>>>>>>
>>>>>> On 25 Mar 2016, at 9:40, pratik inamdar wrote:
>>>>>>
>>>>>>> Hi Vlad,
>>>>>>>
>>>>>>> Hope you are doing good!
>>>>>>>
>>>>>>> I chose to switch the protocol. So now I am writing an analyzer for
>>>>>>> 6LoWPAN instead of WiFi.
>>>>>>>
>>>>>>> Quick question:
>>>>>>>
>>>>>>> Will I be able to successfully use BinPac to write an analyzer for
>>>>>>> 6LoWPAN?
>>>>>>>
>>>>>>> Also, if possible, please guide me with some key points to remember
>>>>>>> while writing analyzer for 6LoWPAN.
>>>>>>>
>>>>>>> Your help will be greatly appreciated!
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Pratik Inamdar
>>>>>>>
>>>>>>> On Mon, Mar 21, 2016 at 8:28 AM, Vlad Grigorescu <vladg at illinois.edu>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Unfortunately, there is no way to implement lower level protocols with
>>>>>>>> BinPAC quickstart right now. Similarly, we don't have any examples of a
>>>>>>>> BinPAC lower-level analyzer if you were to do it manually.
>>>>>>>>
>>>>>>>> If you are able to get it working, I'd certainly be interested in how
>>>>>>>> you did it, and would look at adding it to binpac_quickstart.
>>>>>>>>
>>>>>>>>   --Vlad
>>>>>>>>
>>>>>>>> pratik inamdar <pratikinamdar at gmail.com> writes:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> In my project, I am integrating a WiFi protocol analyzer with Bro to
>>>>>>>>> parse and monitor WiFi packet header information.
>>>>>>>>>
>>>>>>>>> I am using BinPac to generate a template for the WiFi protocol analyzer
>>>>>>>>> in the src/analyzer/protocol directory.
>>>>>>>>>
>>>>>>>>> As per my knowledge, WiFi (802.11) is not a TCP type of protocol. So I
>>>>>>>>> wish to know what I should use instead of the option "--tcp" while
>>>>>>>>> using the command:
>>>>>>>>>
>>>>>>>>> python start.py WiFi "WiFi Protocol" ../bro --tcp
>>>>>>>>>
>>>>>>>>> Any help will be really appreciated!
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> Thanks & Regards.
>>>>>>>>>
>>>>>>>>> Pratik Inamdar
>>>>>>>>> _______________________________________________
>>>>>>>>> Bro mailing list
>>>>>>>>> bro at bro-ids.org
>>>>>>>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Thanks & Regards.
>>>>>>>
>>>>>>> Pratik Inamdar
>>>>>>
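
The layering point made in this thread, as an added example that is not part of the original messages and is not Bro's code: a simplified model in which a parser is selected by transport port, so RIP (carried in UDP port 520) is reachable while a frame with no IP/UDP/TCP header never reaches it. The frames, addresses and function names are constructed for illustration.

```python
import struct
RIP_PORT = 520  # UDP port registered for RIP

def rip_frame():
    """Constructed sample: Ethernet / IPv4 / UDP / RIPv2 whole-table request."""
    rip = struct.pack("!BBH", 1, 2, 0)                  # command, version, zero
    rip += struct.pack("!HHIIII", 0, 0, 0, 0, 0, 16)    # one entry, metric 16
    udp = struct.pack("!HHHH", RIP_PORT, RIP_PORT, 8 + len(rip), 0) + rip
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 1, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([224, 0, 0, 9])) + udp
    eth = bytes.fromhex("01005e000009" "020000000001") + struct.pack("!H", 0x0800)
    return eth + ip

def non_ip_frame():
    """Constructed sample: Ethernet frame with a non-IP EtherType (0x88B5)."""
    return bytes(6) + bytes.fromhex("020000000002") + struct.pack("!H", 0x88B5) + b"\x01\x02"

def transport_payload(frame):
    """Return (proto, dst_port, payload) if the frame is IPv4 + UDP/TCP, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                      # no IP header, hence no port to match on
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8:
        return None
    l4 = ip[ihl:]
    if ip[9] == 17:                      # UDP: fixed 8-byte header
        _sport, dport, length, _csum = struct.unpack("!HHHH", l4[:8])
        return ("udp", dport, l4[8:length])
    if ip[9] == 6 and len(l4) >= 20:     # TCP: header length from data offset
        return ("tcp", struct.unpack("!H", l4[2:4])[0], l4[(l4[12] >> 4) * 4:])
    return None

def parse_rip(payload):
    """Decode the 4-byte RIP header and each 20-byte route entry."""
    command, version, _zero = struct.unpack("!BBH", payload[:4])
    entries = [struct.unpack("!HHIIII", payload[i:i + 20])
               for i in range(4, len(payload) - 19, 20)]
    return {"command": command, "version": version, "entries": entries}

def dispatch(frame):
    """Select a parser by transport port, the way a port-registered analyzer is."""
    found = transport_payload(frame)
    if found is None:
        return "no transport header: needs link/network-layer support"
    proto, port, payload = found
    if (proto, port) == ("udp", RIP_PORT):
        return parse_rip(payload)
    return "no analyzer registered for %s/%d" % (proto, port)
```
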