Protocol Analyzer Template

Jason_Batchelor · August 22, 2014, 5:09pm

Hello:

I am interested in writing a protocol analyzer, however, I really did not know exactly where to start.

I checked out the presentation here:
https://www.youtube.com/watch?v=1eDIl9y6ZnM

It was fantastic, and helped me understand more about what the requirements are.

Toward the end of the presentation there is mention of a script that auto generates the basic files you need to create your analyzer. Unfortunately, the deck states it is yet to be released. Does anyone know if this has happened yet?

Additionally, I noticed that some of the directories/files the presenter mentions are not present in my installation. For example:

src/analyzers/protocol (not present)

I do not see any .pac files either.

I may be (likely) missing something. If so, please kindly point it out to me. If not, were there changes made that would make much of the location information provided in the presentation irrelevant? Could someone kindly issue a refresher or point me to one?

Many thanks,
Jason

Vlad_Grigorescu1 · August 22, 2014, 6:28pm

Hi Jason,

The scripts are available here: https://github.com/grigorescu/binpac_quickstart

Please note that these won’t work with current git master, due to the recently added plugin support (more specifically, the files that are generated are correct, just the paths are wrong).

It will work with Bro 2.3, though. Updating this to work with master is on my todo list.

–Vlad

Topic		Replies	Views
Writing a new analyzer Zeek	4	73	May 6, 2022
Developing a Bro protocol analyzer as a plugin Zeek	6	124	May 6, 2022
using binpac for protocol parser Zeek	1	91	May 6, 2022
Requesting some pointers- Adding a new protocol to BRO- Facing problems Zeek	3	73	May 6, 2022
Writing a Protocol Analyzer Plugin Development development	10	231	May 6, 2022

Protocol Analyzer Template

Related topics