[Bro] Flow Statistics in BRO

Robin Sommer robin at icir.org
Wed Oct 10 13:58:05 PDT 2007


On Wed, Oct 10, 2007 at 15:40 -0400, Danny Nechay wrote:

> I have a trace file (from using TCPdump) and I would like to know how to get
> the flow statistics of this file using BRO (i.e. what would be the command
> line argument).

"bro -r trace tcp" should do it if you're only concerned about TCP.
For UDP and ICMP add "udp" and "icmp" to the command line,
respectively. 

Robin

-- 
Robin Sommer * Phone +1 (510) 931-5555 * robin at icir.org 
ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org



More information about the Bro mailing list