Requesting some pointers- Adding a new protocol to BRO- Facing problems

Aniket_Savanand · March 20, 2016, 12:43am

Hi

I am trying to write a new protocol AMQP to the BRO.
So I wrote analyzer files for AMQP by referring to the existing protocols files written in src/analyzer/protocol.
I build and installed it correctly. and even tried to detect AMQP traffic using BRO.
But this case BRO does not.

Where would be wrong? is it the correct way to add new protocol/analyzer to the BRO?

Could you point me to right direction.

Thanks
Aniket Savanand
SJSU, CA
669-226-8162

Vlad_Grigorescu3 · March 21, 2016, 3:31pm

Hello,

Our relevant documentation is available at:

https://www.bro.org/development/howtos/dpd.html
https://www.bro.org/development/howtos/binpac-sample-analyzer.html

My guess is that there's an issue with how the analyzer is registered in
the Bro scripts and it's not being attached to the correct traffic. The
DPD write-up should go into detail about that.

--Vlad

Aniket Savanand <aniketpsavanand@gmail.com> writes:

Aniket_Savanand · March 21, 2016, 8:47pm

Thank a lot.

I will start integrating AMQP analyzer with step mentioned on binpac page.

Thanks
Aniket

Topic		Replies	Views
Implementing new layer 2 Protocol Zeek	2	101	May 6, 2022
Writing a new analyzer Zeek	4	73	May 6, 2022
Developing a Bro protocol analyzer as a plugin Zeek	6	124	May 6, 2022
Protocol Analyzer Template Zeek	2	112	May 6, 2022
Integrating AMQP in BRO via BINPAC Zeek	1	83	May 6, 2022

Requesting some pointers- Adding a new protocol to BRO- Facing problems

Related topics