DPD with BinPAC++

Hello,

I am currently working with BinPAC++ to write detectors for various protocols, and I am attempting to use Dynamic Protocol Detection in them, but I cannot find documentation on how to implement it. I can, however, find references to being able to use DPD analyzers with BinPAC++, so I know it is possible. Does anyone have insight into how to use this?

Thanks,
Peter

There's a function to call at the time you consider the protocol
detected: Bro::dpd_confirm(). See bro/pac2/http.pac2 for an example.

Robin

Hello, and thank you for your answer.

I think I have gotten it working except for the fact that my detector only triggers on the specific type of traffic I am attempting to track, even if the different types of data are on the same port. But for some reason it only works when I specify one or more ports; when I leave the port blank, it doesn’t detect it at all. Is there a way to specify that it should listen on all ports?

Thanks,
Peter