A Treatise on Writing Packet Parsers for the RSA NetWitness Platform

File uploaded by William Motley (Employee) on Mar 30, 2016. Last modified by William Motley (Employee) on Sep 16, 2020.
Version 6

PARSERS - A Treatise on Writing Packet Parsers for RSA NetWitness


If you're interested in learning to write your own custom packet parsers, this is the information you need.  It covers parser writing from the ground up.


It begins with the fundamentals, such as the role of parsers, what makes for good meta, and how parsers see sessions.  It covers the basics of finding, extracting, and registering meta, as well as how to debug your parser.  It discusses intermediate and advanced parser capabilities, as well as some alternate techniques.  It even includes a selection of parsers from Live in plaintext.


The book itself is provided in both Word and PDF.  The example parsers are included both as individual files and embedded in the Word document.


CAVEAT:  This isn't intended to be official documentation, and has not been blessed as such.