[Bro] Bro connections v. NetFlow

Seth Hall seth at icir.org
Tue Aug 30 07:09:18 PDT 2016

> On Aug 25, 2016, at 6:16 AM, Alec Waters <Alec.Waters at dataline.co.uk> wrote:
> We set our routers to export flows after one minute if they’re still in progress (it’ll continue to send a flow export every minute until it’s complete). More info here:

The fun part about Bro is that it's a scripting language and we can do whatever we want! :)

Here's a script that I wrote in Broala a while ago that we're releasing under the BSD license.

I think I will need to do a bit more work on this to make it more like flow cutting, but at the very least it now makes active connections visible.  Any feedback would be appreciated.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
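
An added example, not the script attached to the original message: a minimal Bro 2.x sketch of periodic reporting for connections that are still open, similar in spirit to the one-minute active flow export quoted above. The module name `ActiveConn`, the `conn_active` log path and the `report_interval` option are hypothetical; it relies on `ConnPolling::watch` from `base/protocols/conn`.

```bro
@load base/protocols/conn

module ActiveConn;

export {
	redef enum Log::ID += { LOG };

	## Assumed reporting period, chosen to mirror a one-minute active timeout.
	const report_interval = 1min &redef;

	## One record per still-open connection per reporting period.
	type Info: record {
		ts:         time     &log;  # when this snapshot was taken
		uid:        string   &log;  # same uid as the eventual conn.log entry
		id:         conn_id  &log;
		duration:   interval &log;  # duration so far
		orig_bytes: count    &log;  # payload bytes seen so far from originator
		resp_bytes: count    &log;  # payload bytes seen so far from responder
	};
}

event bro_init()
	{
	Log::create_stream(LOG, [$columns=Info, $path="conn_active"]);
	}

# Callback for ConnPolling::watch. It is only invoked while the connection
# still exists in Bro's state table; returning a non-negative interval
# schedules the next snapshot, a negative one would stop polling.
function report(c: connection, cnt: count): interval
	{
	local rec = Info($ts=network_time(), $uid=c$uid, $id=c$id,
	                 $duration=c$duration,
	                 $orig_bytes=c$orig$size, $resp_bytes=c$resp$size);
	Log::write(LOG, rec);
	return report_interval;
	}

event new_connection(c: connection)
	{
	# First snapshot fires report_interval after the connection is first
	# seen, so connections shorter than that only appear in conn.log.
	ConnPolling::watch(c, report, 0, report_interval);
	}
```

The byte counts are cumulative snapshots rather than per-interval deltas, so joining on `uid` and differencing consecutive records is needed to approximate cut flows.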
