[Bro] comparing Bro

Bryan Patterson bpatters at fit.edu
Wed Nov 3 12:25:19 PST 2004


I am researching Bro for a school project at Florida Tech. We are required
to compare the output of Bro and Snort on traffic captures. I know about
the "snort2bro" command. I was wondering if anyone could give me a couple
of examples of the command-line syntax for the instruction. I am using Bro
0.8 with the following command:

> bro -r capture.tcpdump mt.bro

which triggers the following bro alerts: 'alert', 'ftp', 'log' and 'weird'.

For snort2bro:
> snort2bro capture.tcpdump <not sure what to put here...>

I would like to analyze how Snort handles these 4 alerts.

Melbourne, FL
