about class Dcitionary
Vern Paxson
vern at icir.org
Sat Sep 28 20:42:21 PDT 2002
> As you kownn, snort works on packet data, while Bro works on connection
> data.
Bro also has a signature engine that can read Snort rules, per the
CHANGES file.
> I
> want to know how to use Bro to save all the connection to dist file.
I don't quite know what you mean. Bro writes connection summaries to
stdout if you load tcp.bro (or the usual load of mt.bro). It also can
write a tcpdump packet trace file if you specify -w file.
Vern
More information about the Bro
mailing list