[Bro] BRO IDS
Miller, Brad L
BLMILLER at comerica.com
Mon May 15 06:21:02 PDT 2017
I think that entirely depends upon the placement of the sniffing points. If you sniff on a network without placing at an egress or ingress point, you will see multicast/broadcast traffic that you happen to see, but not much more of interest.
Is your sniffing interface placed well to monitor traffic of interest to you? What spanning/mirroring technology are you using?
From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of Raj Kumar
Sent: Monday, May 15, 2017 5:28 AM
To: bro at bro.org
Subject: [Bro] BRO IDS
Hi All,
I have installed Bro IDS for network security monitoring and am trying to match the IP addresses from threat feeds with the IP addresses in the Bro logs. But I am getting only multicast 224.0.0.251 and 239.255.255.250, and not the actual destination IP. How do I get the exact IP address in the Bro logs?
Any help would be really helpful.
Thanks,
Raj
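One way to check the placement question raised in the reply above, as an added example that is not part of the original thread: tally the destination types in a Bro conn.log and flag a capture that holds almost nothing but multicast/broadcast. The sample rows, the function names and the 0.9 threshold are assumptions made for this illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in Bro's tab-separated conn.log layout (not real traffic).
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1494854462.1\tCaaa1\t192.168.1.23\t5353\t224.0.0.251\t5353\tudp",
    "1494854463.4\tCaaa2\t192.168.1.40\t5353\t224.0.0.251\t5353\tudp",
    "1494854464.9\tCaaa3\t192.168.1.23\t49152\t239.255.255.250\t1900\tudp",
    "1494854466.0\tCaaa4\t192.168.1.51\t68\t255.255.255.255\t67\tudp",
])

# Only the limited broadcast address is recognised here; directed broadcasts
# (e.g. x.x.x.255) need the subnet mask, which conn.log does not carry.
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def classify_destinations(log_text):
    """Count conn.log rows by responder address type."""
    fields, counts = None, Counter()
    for line in log_text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]  # column names follow the tag
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, line.split("\t")))
        try:
            dst = ipaddress.ip_address(row["id.resp_h"])
        except (KeyError, ValueError):
            counts["unparsed"] += 1
            continue
        if dst.is_multicast:  # 224.0.0.0/4 and ff00::/8
            counts["multicast"] += 1
        elif dst == LIMITED_BROADCAST:
            counts["broadcast"] += 1
        else:
            counts["unicast"] += 1
    return counts


def sees_only_local_chatter(counts, threshold=0.9):
    """True when multicast/broadcast rows make up at least `threshold` of the log."""
    total = sum(counts.values())
    if total == 0:
        return False
    return (counts["multicast"] + counts["broadcast"]) / total >= threshold
```

A True result on a real conn.log points at the span/mirror configuration rather than at Bro itself: the interface is receiving only traffic flooded to every port on the segment.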