[Bro] List of connections
Mark Dedlow
mtdedlow at lbl.gov
Tue Nov 7 17:48:04 PST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Abhinay Kampasi wrote:
> Is there any policy file in Bro that reports all connections present in the
> traffic seen by Bro? Does conn.bro provide this functionality?
conn.bro only logs TCP. Depending on what you mean by "connection",
you may also want udp.bro and/or icmp.bro.
Also, note that conn.bro does not *only* log connections.
It does intrusion analysis -- for example, scan detection.
Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
iD8DBQFFUTdUQ4njmwFOz6wRAuCtAJ9BRCZMkCbZDFlxq1A1qMR2CBzICgCghcQF
RZvn+tu5ZQHQ1fZnvjUw/2U=
=oPKf
-----END PGP SIGNATURE-----
More information about the Bro
mailing list