Parse LDAP messages from a pcap


I need to parse LDAP messages from a pcap. So what I did is I tried to search for some Bro’s events of LDAP but I failed. So I was wondering if there’s some and that I missed them. If no, how can I then code a dissector of ldap easily so I could use it in events that I have to implement?

Thank you for your help and keep up the good work!


There’s no LDAP analyzer in Bro. LDAP is not a simple protocol, but if you’d like to try writing an analyzer, you might want to check out the following resources: