Parse LDAP messages from a pcap

Hello,

I need to parse LDAP messages from a pcap. I tried to search for Bro events for LDAP but failed, so I was wondering whether there are some that I missed. If not, how can I easily code an LDAP dissector that I could use in the events I have to implement?

Thank you for your help and keep up the good work!

Zakaria,

There’s no LDAP analyzer in Bro. LDAP is not a simple protocol, but if you’d like to try writing an analyzer, you might want to check out the following resources:

https://www.bro.org/development/howtos/binpac-sample-analyzer.html

https://www.youtube.com/watch?v=1eDIl9y6ZnM

Best,

–Vlad
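
As an added illustration of the first step any LDAP analyzer has to perform (this example is not part of the thread and is not Bro or binpac code): the Python sketch below decodes the BER-encoded LDAPMessage envelope defined in RFC 4511 and reports each message's ID and operation. The function names and sample bytes are constructed for this example, and it assumes the input is an already reassembled, unencrypted TCP payload.

```python
# LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp [APPLICATION n], controls [0] OPTIONAL }
OPS = {0: "bindRequest", 1: "bindResponse", 2: "unbindRequest", 3: "searchRequest",
       4: "searchResEntry", 5: "searchResDone", 6: "modifyRequest", 7: "modifyResponse",
       8: "addRequest", 9: "addResponse", 10: "delRequest", 11: "delResponse",
       12: "modDNRequest", 13: "modDNResponse", 14: "compareRequest", 15: "compareResponse",
       16: "abandonRequest", 19: "searchResRef", 23: "extendedReq", 24: "extendedResp",
       25: "intermediateResponse"}

class Truncated(ValueError):
    """The buffer ends before the BER element does."""

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise Truncated("header cut off")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                    # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4:               # indefinite or implausibly large length
            raise ValueError("unsupported BER length")
        if pos + n > len(buf):
            raise Truncated("length cut off")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise Truncated("value cut off")
    return tag, pos, pos + length

def parse_ldap_stream(buf):
    """Return ([(messageID, operation)], leftover bytes of a partial message)."""
    msgs, pos = [], 0
    while pos < len(buf):
        try:
            tag, start, end = read_tlv(buf, pos)
        except Truncated:
            break                         # keep the tail until the next segment arrives
        if tag != 0x30:
            raise ValueError("not an LDAPMessage SEQUENCE")
        # Inner elements are read from buf[:end] so they cannot run past the envelope.
        id_tag, s, e = read_tlv(buf[:end], start)
        op_tag, _, _ = read_tlv(buf[:end], e)
        if id_tag != 0x02 or (op_tag & 0xC0) != 0x40:
            raise ValueError("malformed messageID or protocolOp")
        msg_id = int.from_bytes(buf[s:e], "big", signed=True)
        msgs.append((msg_id, OPS.get(op_tag & 0x1F, "unknown")))
        pos = end
    return msgs, buf[pos:]

# Constructed sample bytes, not from a real capture; BIND_RESP uses a long-form length.
BIND, UNBIND, BIND_RESP = (bytes.fromhex(h) for h in (
    "300c020101600702010304008000", "30050201024200", "30810c02010161070a010004000400"))
```

Everything inside protocolOp (search filters, attribute lists, controls) is further nested BER, which is where most of the work in a full analyzer lies.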