[Bro] Flow statistic
geek00l at gmail.com
Wed Oct 10 17:34:30 PDT 2007
Regarding flow statistics, you can do -
bro -r whatever.pcap tcp udp icmp conn
It will generate the connection summaries for you, which is pretty close to
what flow means. If you want to generate further statistics, you can use
ipsumdump + ipaggcreate.
Or if you are looking for something exactly like you have mentioned, take a
look at argus -
Sometimes we really need the right tool for the right job.