What application layer protocols could Bro-2.1 identify using its default configuration?

The answer to your question can be very complex.

First, Bro’s application layer analyzers can be written in binpac or directly in C++ (in src, the *.pac files are the binpac scripts, so you can see which analyzers are written in binpac). Most analyzers developed in the early stage are written directly in C++; for that code, I am not quite sure how they are enabled. For binpac analyzers, there are three ways of enabling an analyzer, which can be found in http://www.bro-ids.org/development/dpd.html (Determining Analyzer Activation).

Even if the binpac analyzer is always enabled, it may not be working if you don’t define any event handler related to this analyzer. As a result, you have to check what policies are loaded by default, which can be found in /share/bro/base under Bro’s installation directory (not the source code directory).
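
One way to carry out the check described above, as an added example that is not part of the original reply or of Bro itself: list the event handlers defined by the scripts under the base policy directory, grouped by script directory. The function names, the `.bro` file extension filter and the sample tree with its simplified event signatures are constructed for illustration.

```shell
#!/bin/sh
# Print "<script dir> <event name>" for every event handler defined in
# *.bro scripts under a policy directory, sorted and de-duplicated.
list_handlers() {
    base=${1%/}
    find "$base" -type f -name '*.bro' | while IFS= read -r f; do
        dir=$(dirname "${f#"$base"/}")
        # A handler definition starts a line: event http_request(c: connection, ...)
        # "global x: event(...)" declarations and "#" comments do not match.
        sed -n 's/^event[[:space:]][[:space:]]*\([A-Za-z_][A-Za-z0-9_:]*\)[[:space:]]*(.*/\1/p' "$f" |
            while IFS= read -r ev; do printf '%s %s\n' "$dir" "$ev"; done
    done | LC_ALL=C sort -u
}

# Constructed sample tree (hypothetical stand-in for <prefix>/share/bro/base).
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/protocols/http" "$d/protocols/dns"
    cat > "$d/protocols/http/main.bro" <<'EOF'
module HTTP;
global log_http: event(rec: Info);
# event http_header(c: connection, is_orig: bool, name: string, value: string)
event http_request(c: connection, method: string) &priority=5
	{ }
event http_request(c: connection, method: string) &priority=-5
	{ }
event http_reply(c: connection, version: string, code: count)
	{ }
EOF
    cat > "$d/protocols/dns/main.bro" <<'EOF'
event dns_request(c: connection, msg: dns_msg, query: string)
	{ }
EOF
    printf '%s\n' "$d"
}

# Usage: sh list_handlers.sh /path/to/share/bro/base
if [ "$#" -gt 0 ]; then list_handlers "$1"; fi
```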

Hi, Hui:

Thank you very much for your information!