A Treatise on Writing Packet Parsers for the RSA NetWitness Platform
PARSERS - A Treatise on Writing Packet Parsers for RSA NetWitness
If you're interested in learning to write your own custom packet parsers, this is the information you need. It covers parser writing from the ground up.
It begins with the fundamentals, such as the role of parsers, what makes for good meta, and how parsers see sessions. It covers the basics of finding, extracting, and registering meta, as well as how to debug your parser. It discusses intermediate and advanced parser capabilities, as well as some alternate techniques. It even includes a selection of parsers from Live in plaintext.
The book itself is provided in both Word and PDF. The example parsers are included both as individual files and embedded in the Word document.
CAVEAT: This isn't intended to be official documentation, and has not been blessed as such.