[Bro] New Bro User
jhnovak at gmail.com
Mon May 12 06:47:19 PDT 2008
I'm trying to become familiar with Bro and have installed the stable
release 1.2.1 on an Ubuntu VMware image running a 2.6 kernel.
I have been following the documentation and wanted to see if I have
everything installed properly by first reading a pcap to generate an alarm.
I was looking at the reference manual, specifically Chapter 2: Getting
Started 126.96.36.199 Traffic traces. I wanted to emulate the:
bro -r example.ftp-attack.trace brolite
where I was supposed to see a connection summary in stdout and some kind of
alarm. I didn't find that particular pcap with the installation as the
documentation says, but used a pcap from an earlier bro package -
ftp-site-exec.trace. I ran the bro above command using this pcap, but I
don't see any output at all. I'm familiar with Snort so I've used an IDS
before. I just can't figure out what I might be doing wrong. Can someone
Thanks a lot - Jesse
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro