[Bro] bro for application identification

Charalampos Rotsos cr409 at cam.ac.uk
Fri Dec 4 04:50:20 PST 2009

I am trying to use bro for payload based application identification from
a pcap trace. I am currently loading the following bro files:
dpd, conn, bittorrent, dhcp, dns, ftp, gnutella, http, ident, icmp,
irc, login, nfs, ntp, pop3, rsh, ssh, tcp, smtp, tftp, udp

and use the conn.log file to check the label of a flow.

Is there a better way to perform this task?

