Re: [Bro-Dev] Writing analyzer for Siemens PLC
On Wed, May 02, 2018 at 22:22 +0200, you wrote:

> 1) Reassembling packets: Some S7CommPlus packets whose payload is over a
> certain amount of bytes will be split and need to be reassembled.

As a couple of quick pointers, the DNP3 and DTLS analyzers face a similar task; you might find some ideas there.

> If I want to generate a Bro event which contains the payload as a
> parameter, how do I do that?

If by "payload" you mean the raw bytes, you would pass that as a string into the event. But it's hard to do much with raw data like that in script-land. The common way would instead be creating one event per type of payload and then raising the corresponding event as you parse packets and find out what's in there.

Robin

--
Robin Sommer * ICSI/LBNL * ro...@icir.org * www.icir.org/robin

___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
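The two event designs contrasted in the reply above, written out on the script side as an added example that is not part of the thread and not code from the Bro project or from an actual S7CommPlus analyzer. The event names, the `opcode` and `payload_len` parameters, and the request/response split are placeholders chosen for illustration only; nothing here reflects the real S7CommPlus message layout. In a real analyzer these events would be declared in the analyzer's events.bif (`event name%(...%);`) and raised from the parser once a (possibly reassembled) message has been decoded; the `global` declarations below stand in for that so the script loads stand-alone with `zeek -b`.

```zeek
# Added illustration only: hypothetical S7CommPlus event shapes, not real ones.
module S7CommPlus;

# Stand-ins for declarations that would normally live in the analyzer's events.bif.
global s7commplus_raw_payload: event(c: connection, is_orig: bool, payload: string);
global s7commplus_request: event(c: connection, opcode: count, payload_len: count);
global s7commplus_response: event(c: connection, opcode: count, payload_len: count);

# Design 1: a single event that carries the raw bytes.
# Script-land can measure or dump the payload, but every bit of protocol
# knowledge (field offsets, types, endianness) would have to be redone here.
event s7commplus_raw_payload(c: connection, is_orig: bool, payload: string)
	{
	print fmt("%s %s raw payload, %d bytes", c$uid,
	          is_orig ? "orig->resp" : "resp->orig", |payload|);
	}

# Design 2: one event per message type, raised by the parser after it has
# identified what the message is. Handlers receive typed fields and never
# touch raw bytes, which is the approach recommended in the reply above.
event s7commplus_request(c: connection, opcode: count, payload_len: count)
	{
	print fmt("%s request  opcode=%d payload_len=%d", c$uid, opcode, payload_len);
	}

event s7commplus_response(c: connection, opcode: count, payload_len: count)
	{
	print fmt("%s response opcode=%d payload_len=%d", c$uid, opcode, payload_len);
	}
```

With design 2 the parser is the only place that knows how to split and reassemble messages and read their fields; scripts only decide what to log or alert on, which keeps policy separate from parsing.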
Re: [Bro-Dev] Final Broker branch testing
On 3 May 2018, at 14:20, Jon Siwek wrote:

> On 5/2/18 9:59 AM, Johanna Amann wrote:
>> (3) I need to try to hack our CMake system more to try to get back down to 2.8.12 while still being able to embed CAF.
>
> I think (hope!) I was mistaken and everything already works with
> 2.8.12 (structure of CMake docs previously led me to think it
> wouldn't) and just needed the version check moved back down, sorry for
> the noise.

Yay, that is really good news, thanks :)

Johanna
Re: [Bro-Dev] Final Broker branch testing
On 5/2/18 9:59 AM, Johanna Amann wrote:

>>> (3) I need to try to hack our CMake system more to try to get back down
>>> to 2.8.12 while still being able to embed CAF.

I think (hope!) I was mistaken and everything already works with 2.8.12 (structure of CMake docs previously led me to think it wouldn't) and just needed the version check moved back down, sorry for the noise.

Otherwise, I've stabilized some unit tests and made a merge request [1] for the broker branch.

- Jon

[1] https://bro-tracker.atlassian.net/browse/BIT-1653