[Bro] nprobe, ngrep, tcpdump and tcpflow -like behavior of BRO ids?

Seth Hall seth at icir.org
Mon Dec 12 07:19:05 PST 2011

On Dec 12, 2011, at 4:29 AM, Panos Sakkos wrote:

> I want to ask you if BRO ids can totally replace the following software:
> 	• nprobe
> 	• ngrep
> 	• tcpdump
> 	• and tcpflow 

Instead of pointing to tools and asking if Bro can replace them, could you explain tasks you need to accomplish with a network monitoring tool?  All of those tools have a lot of functionality and Bro certainly doesn't implement every bit of functionality they have. :)

Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
