[Bro] monitoring node conversations vs. communications protocols
Earl Eiland
earl.eiland at root9b.com
Tue Jun 9 16:05:15 PDT 2015
I've been scouring the Bro scripts, technical papers, etc., to determine how to map and monitor node conversations vs. communications (service) protocols on a network. I could use information in conn.log, if the services column was fully populated. Unfortunately, it doesn't appear that the services variable entered in the conn.log comes from the protocol detection scripts. I'm new to Bro, so it's quite possible I've missed something, but it is looking like I may have to modify the Bro source code. Please advise!
Best Regards,
Earl Eiland,
Sr. Cyber Security Engineer,
Emerging Technologies, root9B,
San Antonio, Texas