[Bro] How does Bro create an event from a packet?

Luo Xin kingsleyluoxin at hotmail.com
Tue Mar 21 18:35:50 PDT 2017


My puzzles mainly concern the state management of Bro.

I have noticed that there is C++ code for the implementation of DFA and NFA.

Nevertheless, I could not find where it is invoked.

So I was wondering if anyone could tell me where I can find the use of the state machine.

In addition, I also want to know how Bro transfers a low-level pcap file into high-level events.

I have read some information about this for protocols based on TCP or UDP and am aware that they are implemented by means of the binpac tool.

But I still want to know how lower-level protocols such as IP or TCP can transfer pcap packets into Bro events.