[Bro] number of connections to the same port in 100 connections
Salman, Tara
tara.salman at wustl.edu
Thu Jun 30 10:30:46 PDT 2016
Hi everyone,
I am trying to find the number of connections having the same source ip and destination port in the last 100 connection using bro commands
I managed to get the number in all connections using:
bro-cut id.orig_h id.orgi_p < conn.log | sort| uniq -c| sort -rn
which is working fine but i need to modify this to include only the last 100 connections in the log file. is there a way to do that ?
thanks in advance
More information about the Bro
mailing list