[Bro] Developing a Bro protocol analyzer as a plugin

Kellogg, Brian D (OLN) bkellogg at dresser-rand.com
Thu May 5 08:34:30 PDT 2016


Thanks Luis for this!

OpenNSM has a couple good videos on YouTube for this as well.
https://www.youtube.com/watch?v=eZAgqSFd9-c 

Where I get lost is for protocols with more complex fields and sub fields
when trying to chain them together in the pac file definitions.  It's been a
while so I can't remember specifically where I got stuck.  Haven't had time
to dig into it again but it was fun to work with the little I have worked
with it so far.
