[Bro] TORRENT Detection -BRO

Johanna Amann johanna at icir.org
Tue May 30 10:12:49 PDT 2017


> Will I be able to detect torrent download using bro, i could see some
> torrent analyzers,is there any load statement should i include in local.bro
> or how  to detect?

The Bittorrent analyzer in Bro has not been touched in years and I assume
that it is not functional (it certainly has not been tested by anyone in a
long time).

If you are interested in trying to enable it, you will have to write all
scripts yourself. As you probably are aware for most protocol analyzers we
have scripts in base/ that create the logfiles that are written to disk.
These scripts were never created for the Bittorrent analyzer - you would
have to write them from scratch (and as I mentioned I have doubts if it
still works).

So - short version - there is no quick and easy way to enable it


