[Bro] comparing Bro
bpatters at fit.edu
Wed Nov 3 12:25:19 PST 2004
I am researching Bro for a school project at Florida Tech. We are required
to compare the output of Bro and Snort on traffic captures. I know about
the "snort2bro" command. I was wondering if anyone could give me a couple
of examples of the command-line syntax for the instruction. I am using Bro
0.8 with the following command:
> bro -r capture.tcpdump mt.bro
which triggers the following bro alerts - 'alert', 'ftp', 'log' and 'weird'
> snort2bro capture.tcpdump <not sure what to put here...>
I would like to analyze how Short handles these 4 alerts.
More information about the Bro