[Bro] List of connections
Abhinay Kampasi
abhinay at cs.utexas.edu
Tue Nov 7 17:49:57 PST 2006
Thanks Mark, I only wanted TCP connection info.
Regards,
Abhinay
-----Original Message-----
From: Mark Dedlow [mailto:mtdedlow at lbl.gov]
Sent: Tuesday, November 07, 2006 7:48 PM
To: Abhinay Kampasi
Cc: bro at bro-ids.org
Subject: Re: [Bro] List of connections
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Abhinay Kampasi wrote:
> Is there any policy file in Bro that reports all connections present in
the
> traffic seen by Bro? Does conn.bro provide this functionality?
conn.bro only logs TCP. Depending on what you mean by "connection",
you may also want udp.bro and/or icmp.bro.
Also, note that conn.bro does not *only* log connections.
It does intrusion analysis -- for example, scan detection.
Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
iD8DBQFFUTdUQ4njmwFOz6wRAuCtAJ9BRCZMkCbZDFlxq1A1qMR2CBzICgCghcQF
RZvn+tu5ZQHQ1fZnvjUw/2U=
=oPKf
-----END PGP SIGNATURE-----
More information about the Bro
mailing list