A Treatise on Writing Packet Parsers for the RSA NetWitness Platform

File uploaded by William Motley (Employee) on Mar 30, 2016. Last modified by Scott Marcus on Sep 5, 2018.
Version 5

PARSERS - A Treatise on Writing Packet Parsers for RSA NetWitness

 

If you're interested in learning to write your own custom packet parsers, this is the information you need.  It covers parser writing from the ground up.

 

It begins with the fundamentals, such as the role of parsers, what makes for good meta, and how parsers see sessions.  It covers the basics of finding, extracting, and registering meta, as well as how to debug your parser.  It discusses intermediate and advanced parser capabilities, as well as some alternate techniques.  It even includes a selection of parsers from Live in plaintext.

 

The book itself is provided in both Word and PDF.  The example parsers are included both as individual files and embedded in the Word document.

 

CAVEAT:  This isn't intended to be official documentation, and has not been blessed as such.
