[Bro] using Bro as traffic analyzer.

[readon shaw]

I was searching for a long time to find a framework can support fast & custom network traffic analysis.
some specific features of traffic data from monitor, such as interval of SYN and SYN-ACK, should be extracted and grouped by host.
i find Bro is so widely used, which seems can fulfill the requirement.
Can i disable other functions embedded in Bro, and add a plugin myself?
What is the point to archieve this, modify the core .cpp source file or add a .bro file?

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20111204/d9f7a99d/attachment.html