[Bro] monitoring node conversations vs. communications protocols

Earl Eiland earl.eiland at root9b.com
Tue Jun 9 16:05:15 PDT 2015


I've been scouring the Bro scripts, technical papers, etc., to determine how to map and monitor node conversations vs. communications (service) protocols on a network. I could use information in conn.log, if the services column was fully populated. Unfortunately, it doesn't appear that the services variable entered in the conn.log comes from the protocol detection scripts. I'm new to Bro, so it's quite possible I've missed something, but it is looking like I may have to modify the Bro source code. Please advise!


Best Regards,

Earl Eiland,
Sr. Cyber Security Engineer,
Emerging Technologies, root9B,
San Antonio, Texas
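
Added example, not part of the original message and not code from the Bro project: one way to tabulate host-pair conversations against the conn.log service column while keeping connections with no identified service visible by transport and responder port. It assumes Bro's default tab-separated log format with `-` as the unset marker; the sample log is constructed and the function names are hypothetical.

```python
from collections import Counter, defaultdict

# Constructed sample in Bro's tab-separated conn.log layout, trimmed to the
# columns used here. Addresses are documentation ranges, not real traffic.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice",
    "1433891115.0\tC1\t192.0.2.10\t49152\t192.0.2.53\t53\tudp\tdns",
    "1433891116.0\tC2\t192.0.2.10\t49153\t198.51.100.7\t443\ttcp\tssl",
    "1433891117.0\tC3\t192.0.2.10\t49154\t198.51.100.7\t8443\ttcp\t-",
    "1433891118.0\tC4\t192.0.2.10\t49155\t198.51.100.7\t443\ttcp\tssl",
    "1433891119.0\tC5\t192.0.2.20\t49156\t198.51.100.7\t8443\ttcp\t-",
    "#close\t2015-06-09-16-05-15",
])

UNSET = "-"  # assumption: default unset-field marker of the ASCII log writer


def read_conn_log(text):
    """Yield one dict per connection, keyed by the names in the #fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))


def conversations_by_service(records):
    """Map (originator, responder) -> {service label: connection count}."""
    table = defaultdict(Counter)
    for r in records:
        if r["service"] == UNSET:
            # No service recorded: keep the flow under a transport/port label.
            labels = ["unidentified:%s/%s" % (r["proto"], r["id.resp_p"])]
        else:
            labels = r["service"].split(",")  # several services may be listed
        table[(r["id.orig_h"], r["id.resp_h"])].update(labels)
    return {pair: dict(counts) for pair, counts in table.items()}


def unidentified_ports(records):
    """Count connections with no service, per (proto, responder port)."""
    return dict(Counter((r["proto"], r["id.resp_p"])
                        for r in records if r["service"] == UNSET))


if __name__ == "__main__":
    recs = list(read_conn_log(SAMPLE_CONN_LOG))
    for pair, services in sorted(conversations_by_service(recs).items()):
        print(pair, services)
    print("no service recorded:", unidentified_ports(recs))
```
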