[Bro] Bro connections v. NetFlow

Hoelzer, Dave dhoelzer at sans.org
Wed Aug 24 17:48:09 PDT 2016


Netflow connections are generally logged and a new connection recorded if they exceed 30 minutes.  That’s one.

———————————————————
David Hoelzer
Fellow, SANS Institute
Dean of Faculty, SANS Technology Institute


On August 24, 2016 at 1:45:07 PM, Navraj Singh (navraj42 at gmail.com<mailto:navraj42 at gmail.com>) wrote:

Hi,

I was wondering what some major differences are between the concept of a 'connection' in Bro and a a 'flow' in NetFlow. Or are they essentially the same concept? If this requires a detailed answer, a reference would be very helpful!

Thank you!
_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160825/a5fa7025/attachment.html 


More information about the Bro mailing list