Binpac: A yacc for writing application protocol parsers

Ruoming Pang, Vern Paxson, Robin Sommer, Larry Peterson

Research output: Chapter in Book/Report/Conference proceedingConference contribution

83 Scopus citations

Abstract

A key step in the semantic analysis of network traffic is to parse the traffic stream according to the high-level protocols it contains. This process transforms raw bytes into structured, typed, and semantically meaningful data fields that provide a high-level representation of the traffic. However, constructing protocol parsers by hand is a tedious and error-prone affair due to the complexity and sheer number of application protocols.This paper presents binpac, a declarative language and compiler designed to simplify the task of constructing robust and efficient semantic analyzers for complex network protocols. We discuss the design of the binpac language and a range of issues in generating efficient parsers from high-level specifications. We have used binpac to build several protocol parsers for the "Bro" network intrusion detection system, replacing some of its existing analyzers (handcrafted in C++), and supplementing its operation with analyzers for new protocols. We can then use Bro's powerful scripting language to express application-level analysis of network traffic in high-level terms that are both concise and expressive. binpac is now part of the open-source Bro distribution.

Original languageEnglish (US)
Title of host publicationProceedings of the 2006 ACM SIGCOMM Internet Measurement Conference, IMC 2006
Pages289-300
Number of pages12
DOIs
StatePublished - 2006
Event6th ACM SIGCOMM on Internet Measurement Conference, IMC 2006 - Rio de Janeriro, Brazil
Duration: Oct 25 2006Oct 27 2006

Publication series

NameProceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

Other

Other6th ACM SIGCOMM on Internet Measurement Conference, IMC 2006
Country/TerritoryBrazil
CityRio de Janeriro
Period10/25/0610/27/06

Keywords

  • Parser generator
  • Protocol

ASJC Scopus subject areas

  • Engineering(all)

Fingerprint

Dive into the research topics of 'Binpac: A yacc for writing application protocol parsers'. Together they form a unique fingerprint.

Cite this