[Bro] New layer 2 analyzer
Dane Wullen
brot212 at googlemail.com
Mon Oct 3 04:14:30 PDT 2016
Hi there,
I want to write an analyzer to detect EtherCAT traffic, which is
encapsulated in layer 2 (like ARP). I wanted to use the BinPAC language to
create this analyzer, but I found out that BinPAC only supports
protocols that are encapsulated in TCP/UDP. (correct me if I'm wrong :-) )
Now I'm thinking about writing that analyzer without BinPAC, but I'm not
really sure where to start. Can anyone give me a few hints or tell
me about his/her experience in writing a new protocol analyzer with C++ for Bro?
Thank you and have a nice day!
-Dane