finger and port scan test to bro

Vern Paxson vern at aciri.org
Tue Nov 20 00:03:41 PST 2001


The most likely problem is that you're not specifying what network interface
to read from, using either -i or the "interfaces" policy variable.  If you
don't, then Bro doesn't read any network traffic.

If you are, then the next thing to do is to record the network traffic using

	tcpdump -s 8192 -w trace.file

and then (once you verify that the traffic was properly captured) run
Bro from that file using

	bro -r trace.file mt.bro

- Vern
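
One way to do the "verify that the traffic was properly captured" step before handing the file to bro -r, as an added example (not part of the original message or of Bro). It parses the classic pcap format and reports an empty capture, a file cut off mid-record, or packets shortened by the snapshot length (the -s value); the function names and sample captures are constructed for illustration.

```python
import struct
import sys

# Classic pcap magic numbers mapped to struct byte order (pcapng is not handled).
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}

def check_trace(data):
    """Summarise a pcap byte string; 'problems' is empty if the trace looks usable."""
    summary = {"packets": 0, "truncated": 0, "snaplen": None, "problems": []}
    if len(data) < 24 or data[:4] not in MAGICS:
        summary["problems"].append("not a classic pcap file")
        return summary
    endian = MAGICS[data[:4]]
    # Global header: magic, version, thiszone, sigfigs, snaplen (offset 16), linktype.
    summary["snaplen"] = struct.unpack(endian + "I", data[16:20])[0]
    offset = 24
    while offset < len(data):
        if offset + 16 > len(data):
            summary["problems"].append("file ends inside a record header")
            break
        # Record header: ts_sec, ts_frac, captured length, original length.
        incl_len, orig_len = struct.unpack(endian + "II", data[offset + 8:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            summary["problems"].append("file ends inside packet data")
            break
        offset += incl_len
        summary["packets"] += 1
        if incl_len < orig_len:  # payload was cut at the snapshot length
            summary["truncated"] += 1
    if summary["packets"] == 0 and not summary["problems"]:
        summary["problems"].append("no packets captured")
    if summary["truncated"]:
        summary["problems"].append("%d packet(s) cut short by snaplen" % summary["truncated"])
    return summary

def build_sample(snaplen, packets):
    """Constructed little-endian pcap; packets is a list of (payload, orig_len)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for payload, orig_len in packets:
        out += struct.pack("<IIII", 0, 0, len(payload), orig_len) + payload
    return out

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], "rb") as f:
        print(check_trace(f.read()))
```

Run it with the trace file name as the only argument; an empty "problems" list means the file has packets, none of them shortened, and ends on a record boundary.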


