[Bro] Is it applicapable to specific target ip using command line in bro?
sridhar basam
sri at basam.org
Tue Dec 6 07:23:23 PST 2011
On Tue, Dec 6, 2011 at 4:01 AM, Readon Shaw <xydarcher at 163.com> wrote:
> **
> I want to analysis traffic in/out specific host (identified by ip)
> in trace file,
> where processing for in/out streams are different. So i would be a problem
> to
> notify the script what is my target host. A python script was used to
> generate
> the command lines, such as
> bro -r xxx.pcap yyyy.bro.
> But here the bro script can't get the target ip through this kind
> of command.
> Is there any mechanism in bro to fulfull this requirement?
>
Could you just script it to pass the ip as a filter to bro?
bro -r <file.pcap> -f "host a.b.c.d" myscript.bro?
Sridhar
>
> There is a way to config ip in files, but i think that would meet its
> limited
> on multi-thread processing.
>
> or broccoli-python suit for me? how would it communicate with a trace file
> based bro server?
>
> ------------------------------
> Readon Shaw
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20111206/1dd0f15f/attachment.html
More information about the Bro
mailing list