[Bro] New layer 2 analyzer

Dane Wullen brot212 at googlemail.com
Mon Oct 3 04:14:30 PDT 2016


Hi there,

I want to write an analyzer to detect EtherCat traffic, which is 
encapsulated in layer 2 (like ARP). I wanted to use the BinPAC language to 
create this analyzer, but I found out that BinPAC only supports 
protocols that are encapsulated in TCP/UDP. (correct me if I'm wrong :-) )

Now I'm thinking about writing that analyzer without BinPAC, but I'm not 
really sure where to start. Can anyone give me a few hints or tell 
me about his/her experience in writing a new protocol analyzer with C++ for Bro?


Thank you and have a nice day!

-Dane

