[Bro] Flow statistic

CS Lee geek00l at gmail.com
Wed Oct 10 17:34:30 PDT 2007


Hi there,

Regarding flow statistics, you can do -

bro -r whatever.pcap tcp udp icmp conn

It will generate the connection summaries for you, which is pretty close to
what flow means. If you want to generate further statistics, you can use
ipsumdump + ipaggcreate.

Or if you are looking for something exactly like you have mentioned, take a
look at argus -

http://qosient.com/argus

Sometimes we really need the right tool for the right job.

-- 
Best Regards,

CS Lee<geekooL[at]gmail.com>

http://geek00l.blogspot.com
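
Added example, not part of the original message: one way to turn connection summaries into per-host-pair flow statistics. The whitespace-separated column layout, the "?" marker for unknown values and the sample lines are assumptions constructed for illustration; adjust the field order to match the summaries your Bro version writes.

```python
from collections import defaultdict

# Assumed column layout of a connection-summary line (not taken from the post):
# start duration orig_ip resp_ip service orig_port resp_port proto orig_bytes resp_bytes state flags
FIELDS = ("start", "duration", "orig_ip", "resp_ip", "service",
          "orig_port", "resp_port", "proto", "orig_bytes", "resp_bytes", "state")

# Constructed sample lines; "?" marks a value the summary could not determine.
SAMPLE = """\
1192062870.10 0.52 10.0.0.5 192.0.2.10 http 40112 80 tcp 310 12044 SF L
1192062871.40 1.10 10.0.0.5 192.0.2.10 http 40113 80 tcp 298 5310 SF L
1192062872.00 ? 10.0.0.7 192.0.2.53 dns 5353 53 udp 45 ? S0 L
1192062873.75 0.03 10.0.0.7 198.51.100.2 other 8 0 icmp 64 64 OTH L
truncated line
"""

def parse(line):
    """Return a dict for one summary line, or None if it is malformed."""
    parts = line.split()
    if len(parts) < len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        for key in ("start", "duration", "orig_bytes", "resp_bytes"):
            # Unknown values ("?") count as zero in the aggregates.
            rec[key] = 0.0 if rec[key] == "?" else float(rec[key])
    except ValueError:
        return None
    return rec

def flow_stats(lines):
    """Aggregate connections per (orig_ip, resp_ip, proto) tuple."""
    stats = defaultdict(lambda: {"conns": 0, "bytes": 0.0, "duration": 0.0})
    skipped = 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            skipped += 1  # keep a count so truncated input is noticed
            continue
        entry = stats[(rec["orig_ip"], rec["resp_ip"], rec["proto"])]
        entry["conns"] += 1
        entry["bytes"] += rec["orig_bytes"] + rec["resp_bytes"]
        entry["duration"] += rec["duration"]
    return dict(stats), skipped

if __name__ == "__main__":
    table, skipped = flow_stats(SAMPLE.splitlines())
    for key, s in sorted(table.items(), key=lambda kv: -kv[1]["bytes"]):
        print(*key, s["conns"], int(s["bytes"]), round(s["duration"], 2))
```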