[Bro] Flow statistic

CS Lee geek00l at gmail.com
Wed Oct 10 17:34:30 PDT 2007

Hi there,

Regarding flow statistic, you can do -

bro -r whatever.pcap tcp udp icmp conn

It will generate the connection summaries for you which is pretty close to
what flow means. If you want to generate further statistic, you can use
ipsumdump + ipaggcreate.

Or if you are looking for something exactly like you have mentioned, take a
look at argus -


Sometimes we really need right tool for the right job.

Best Regards,

CS Lee<geekooL[at]gmail.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20071011/4bab264b/attachment.html 

More information about the Bro mailing list