[Bro] bro for application identification
cr409 at cam.ac.uk
Fri Dec 4 04:50:20 PST 2009
I am trying to use bro for payload based application identification from
a pcap trace. I am currently loading the following bro files:
dpd, conn, bittorrent, dhcp, dns, ftp, gnutella, http, ident, icmp,
irc, login, nfs, ntp, pop3, rsh, ssh, tcp, smtp, tftp, udp
and use the conn.log file to check the label of a flow.
Is there a better way to perform this task?