[Bro] Getting flow stats from Bro

Jim Simpson jim.simpson.work at gmail.com
Wed Feb 15 13:14:21 PST 2017


Is there an existing set of scripts for Bro to get flow stats?

I'm looking for counts, avg, and std dev on small packets, large packets,
nonempty packets, interarrival times, etc., similar to what YAF gives with
the `--flow-stats` option. I'm also interested in the Shannon entropy of
the payload, similar to what YAF gives with the `--entropy` option.
https://tools.netsa.cert.org/yaf/yaf.html

- Jim