[Bro] connection states

Ron Jenkins rjenkins at rmjconsulting.net
Sun Jul 21 03:30:29 PDT 2013


FYI

I found the below link.


Thanks


http://www.icir.org/robin/rwth/bro-tour.pdf



Ron Jenkins (SnortCP, VCP (3/4), MCNE, CNE6, MCP,CCNA)
RMJ Consulting, LLC. "Bringing Companies and Solutions Together"
Makers of Active Response System(ARS) & Log Siphon
Owner / Senior Architect
Physical Address
11715 Bricksome Ave STE B-7
Baton Rouge, LA 70816
Mail Address
7575 Jefferson Hwy #103
Baton Rouge, LA 70806
Toll: 855-448-5214
Direct. 225-448-5214
Fax. 225-448-5324
Cell. 225-931-1632
Email. rjenkins at rmjconsulting.net
Web. http://www.rmjconsulting.net<http://www.rmjconsulting.net/>
ARS. http://www.rmjars.com<http://www.rmjars.com/>
Log Siphon. http://www.logsiphon.com<http://www.logsiphon.com/>
Linkedin. http://www.linkedin.com/profile/view?id=28564151&trk=tab_pro



From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of Laleh Arshadi
Sent: Sunday, July 21, 2013 1:11 AM
To: Bro IDS
Subject: [Bro] connection states

Dear all,

Seems that Bro classifies connections into a number of states in its "connection summaries" log files. States such SF, REJ, etc. upon which it then classifies the connection into one of the three states "good", "bad' or "unkown". I was wondering if one could give me a direct pointer to a reference in which these states are discussed thoroughly.

Regards
L. Arshadi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130721/b7505a1a/attachment.html 


More information about the Bro mailing list