[Bro] nprobe, ngrep, tcpdump and tcpflow-like behavior of BRO ids?
Panos Sakkos
panos.sakkos at gmail.com
Mon Dec 12 08:08:43 PST 2011
I am sorry for my incomplete question.
Here are the functionalities we need:
nprobe => convert raw network traffic to netflow format
ngrep => extract fields from incoming and outgoing HTTP traffic (url, referer, ...)
tcpdump => store size-limited TCP session (for an incoming SSH connection for example)
tcpflow => reconstruct TCP flows for given sessions (given source ip for example)
Thank you,
Panos
On Dec 12, 2011, at 4:19 PM, Seth Hall wrote:
>
> On Dec 12, 2011, at 4:29 AM, Panos Sakkos wrote:
>
>> I want to ask you if BRO ids can totally replace the following software:
>>
>> • nprobe
>> • ngrep
>> • tcpdump
>> • and tcpflow
>
> Instead of pointing to tools and asking if Bro can replace them, could you explain tasks you need to accomplish with a network monitoring tool? All of those tools have a lot of functionality and Bro certainly doesn't implement every bit of functionality they have. :)
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
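As an added illustration (not part of this thread, and not Bro project code), the following Bro script shows the event-level hooks that cover the "extract fields from HTTP traffic" item in the list above: the `http_request` and `http_header` events that the stock `base/protocols/http` scripts themselves use to fill `http.log`. The module name `HTTPFields` and the `wanted_headers` set are assumptions made for this example; the event signatures, the upper-cased header names, and `fmt`/`print` are standard Bro.

```bro
# Added example, not from the mailing-list thread: print the request line and
# selected request headers (URL, Referer, ...) for each HTTP request seen.
# Stock Bro already logs uri and referrer in http.log; this shows the
# underlying events for anyone who wants custom extraction.

@load base/protocols/http

module HTTPFields;

export {
    # Request headers to capture. Bro hands header names to http_header in
    # upper case, so the set is written that way. (Assumed name.)
    const wanted_headers: set[string] = { "REFERER", "USER-AGENT", "HOST" } &redef;
}

# The request line arrives first: method, URI and HTTP version.
event http_request(c: connection, method: string, original_URI: string,
                   unescaped_URI: string, version: string)
    {
    print fmt("%s:%s -> %s:%s %s %s", c$id$orig_h, c$id$orig_p,
              c$id$resp_h, c$id$resp_p, method, original_URI);
    }

# Headers follow the request line; is_orig is T for headers sent by the client.
event http_header(c: connection, is_orig: bool, name: string, value: string)
    {
    if ( is_orig && name in wanted_headers )
        print fmt("    %s: %s", name, value);
    }
```

Run it offline against a capture with `bro -r trace.pcap httpfields.bro`, or on a live interface with `-i`; responses (`is_orig == F`) are ignored here, so the output is only what the client sent, which is the ngrep-style view the poster describes.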