[Bro] Flow Statistics in BRO
robin at icir.org
Wed Oct 10 13:58:05 PDT 2007
On Wed, Oct 10, 2007 at 15:40 -0400, Danny Nechay wrote:
> I have a trace file (from using TCPdump) and I would like to know how to get
> the flow statistics of this file using BRO (i.e. what would be the command
> line argument).
"bro -r trace tcp" should do it if you're only concerned about TCP.
For UDP and ICMP add "udp" and "icmp" to the command line,
Robin Sommer * Phone +1 (510) 931-5555 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro