Control flow

Hello developers,

I am a bachelors in engineering student from India and doing a project in bro-IDS for network analysis and scripts for interesting data.

I need to understand the work flow of bro from packet capture stage to the final logging stage with reference to the order in which the activities occur in bro for HTTP protocol.

This is the understanding that I have developed and please correct me if I am wrong.

As far as I have understood, bro first takes in a pcap file and the init-bare.bro extracts the information from it using the framework for protocol independent data. This data is supplied to the corresponding protocol which acts on it for the relevant data and generates events which are handled by the event handlers and these handlers take the actions of notice or logging etc.

My question is what is the mechanism for analysing the packet and the order in which the bro code is sequenced?

Hope to get a reply soon!


Prateek Gupta