[Bro] Documentation and getting started.
daniel_aka_sniper_d at hotmail.com
Tue Oct 17 06:38:29 PDT 2017
Thanks a lot, just what I needed; trying to search for everything just takes up too much time.
Running as root is just sudo -s then broctl, right, or do I need to change it as stated in that link you sent me?
No, tcpdump does not work against br0, but it runs against eth0 and eth1. I have assigned an IP address to br0; is this even required? I tried to use OpenBSD to accomplish a network tap, but brconfig, which configures the bridge, is not in the operating system for some reason. I get an error saying it's not recognised; after many hours of searching I couldn't find a solution.
Linux is a pain in the backside; it takes up so much time trying to find solutions to problems.
This is my layout; I have put everything on the same subnet just to get things started.
VM ethernet adapter (my PC)
192.168.10.5 - no gateway
br0 192.168.10.1 - no gateway
eth0 192.168.10.2 - no gateway
eth1 192.168.10.3 - no gateway
192.168.10.6 - gw 192.168.10.2
Linux Kali Attacker
192.168.10.7 - gw 192.168.10.3
On 16/10/2017 20:20, Jim Mellander wrote:
Check this link for info on the bro directory structure that may help you: https://www.bro.org/sphinx/install/release-notes.html#script-organization
As far as monitoring a bridged interface, there should be no problem, as long as bro can access the interface. If you're not running as root, see: https://www.bro.org/documentation/faq.html#how-can-i-capture-packets-as-an-unprivileged-user
Does tcpdump provide expected output when run against br0?
Hope this helps,
On Mon, Oct 16, 2017 at 9:49 AM, Sniper <daniel_aka_sniper_d at hotmail.com> wrote:
Is there a reference page on all the default installation directory locations, by any chance? $PREFIX just makes it a very long process establishing where all the files are located. If not, I think this would be excellent for beginners like me.
Also, I have created a bridge interface that I want to monitor using Ubuntu/Bro by connecting two hosts; for some reason I can't seem to generate any logs in /usr/local/bro/logs/ (no 'current' folder when Bro is started as in the documentation). Is it even possible to monitor a bridge interface using Bro on the same host? I have already changed the node.cfg interface to br0.
There are no tutorials anywhere on how to actually get started; I tried to follow the instructions but still no luck. I've been wasting days on this. If someone could point me in the right direction I'll greatly
Bro mailing list
bro at bro-ids.org
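A small pre-flight check for the situation in this thread, written as an added example (not Bro's or the list's own code): it parses a broctl node.cfg, looks up each configured interface in the kernel's /sys/class/net view so a missing or down br0 is caught before broctl is started, and uses a constructed sample config plus a temporary stand-in for sysfs so it runs offline. The worker-1 section and the eth9 name are hypothetical.

```python
"""Pre-flight check: does every interface named in node.cfg exist and is it up?"""
import configparser
import tempfile
from pathlib import Path

# Constructed sample node.cfg: a standalone node on the bridge br0 plus a
# hypothetical worker on an interface name that does not exist on the box.
SAMPLE_NODE_CFG = """\
[bro]
type=standalone
host=localhost
interface=br0

[worker-1]
type=worker
host=localhost
interface=eth9
"""

def interfaces_from_node_cfg(cfg_text):
    """Map node name -> interface for every section that sets one (INI format)."""
    cp = configparser.ConfigParser()
    cp.read_string(cfg_text)
    return {s: cp[s]["interface"] for s in cp.sections() if cp.has_option(s, "interface")}

def interface_status(iface, sysfs_net="/sys/class/net"):
    """Read the kernel's view: 'missing', 'ok' (operstate up) or 'not up (<state>)'."""
    d = Path(sysfs_net) / iface
    if not d.is_dir():
        return "missing"  # typo in node.cfg, or the bridge was never created
    state = (d / "operstate").read_text().strip() if (d / "operstate").exists() else "unknown"
    return "ok" if state == "up" else f"not up ({state})"

def preflight(cfg_text, sysfs_net="/sys/class/net"):
    """Node name -> (interface, status) for the whole node.cfg."""
    return {node: (iface, interface_status(iface, sysfs_net))
            for node, iface in interfaces_from_node_cfg(cfg_text).items()}

def fake_sysfs(ifaces=("br0", "eth0", "eth1")):
    """Constructed stand-in for /sys/class/net so the check runs offline."""
    root = Path(tempfile.mkdtemp())
    for name in ifaces:
        (root / name).mkdir()
        (root / name / "operstate").write_text("up\n")
    return str(root)

if __name__ == "__main__":
    for node, (iface, status) in preflight(SAMPLE_NODE_CFG, fake_sysfs()).items():
        print(f"{node}: interface {iface} -> {status}")
```

On the real host, call preflight with the default sysfs path and a config read from node.cfg; an interface that reports "ok" here but still shows nothing in tcpdump points at permissions (root or capabilities on the capture binary) rather than the bridge itself.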