[Bro] BRO IDS

Raj Kumar rak at capmon.dk
Mon May 15 06:46:51 PDT 2017


Thank you very much for the reply.
I just installed Bro on my Linux machine and I edited node.cfg:
[bro]
type=standalone
host=localhost
interface=eth0
broargs= -i wlan0

That's it :)

Please do let me know what has to be done.

On 15 May 2017 at 15:21, Miller, Brad L <BLMILLER at comerica.com> wrote:

> I think that entirely depends upon the placement of the sniffing points.
> If you sniff on a network without placing at an egress or ingress point,
> you will see multicast/broadcast traffic that you happen to see, but not
> much more of interest.
>
>
>
> Is your sniffing interface placed well to monitor traffic of interest to
> you?  What spanning/mirroring technology are you using?
>
>
>
> *From:* bro-bounces at bro.org [mailto:bro-bounces at bro.org] *On Behalf Of *Raj
> Kumar
> *Sent:* Monday, May 15, 2017 5:28 AM
> *To:* bro at bro.org
> *Subject:* [Bro] BRO IDS
>
>
>
> Hi All,
>
>
>
> I have installed Bro IDS for network security monitoring and am trying to
> match the IP address of threat feeds with the IP address in Bro logs. But I am
> getting only multicast 224.0.0.251 239.255.255.250 and not the actual
> destination IP. How do I get the exact IP address in Bro logs?
>
>
>
> Any help would be really helpful
>
>
>
> Thanks,
>
> *Raj*



-- 
*Raj*
*IT Consultant*
*Mobile: +45 81923531*
*Lyskær 9*
*2730 Herlev, Denmark*
*Web: http://www.capmon.dk*
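
The check this thread is about, as an added example that is not part of the original messages or of the Bro project: it reads a conn.log in Bro's tab-separated layout, matches both endpoints against a threat feed, and flags the case where every responder is multicast or broadcast, which points at the capture interface or mirror placement rather than at logging. The sample log, the feed entries and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in Bro's tab-separated conn.log layout (columns trimmed).
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1494855000.1\tCa1\t192.168.1.23\t5353\t224.0.0.251\t5353\tudp",
    "1494855001.2\tCb2\t192.168.1.40\t1900\t239.255.255.250\t1900\tudp",
    "1494855002.3\tCc3\t192.168.1.23\t49152\t203.0.113.7\t443\ttcp",
    "#close\t2017-05-15-06-50-00",
])

# Constructed threat-feed entries (RFC 5737 documentation addresses).
SAMPLE_FEED = {"203.0.113.7", "198.51.100.99"}


def read_bro_log(text):
    """Yield one dict per record, using the #fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))


def summarize(log_text, feed):
    """Count multicast/broadcast vs unicast responders and collect feed hits."""
    feed_ips = {ipaddress.ip_address(ip) for ip in feed}
    stats = {"multicast_or_broadcast": 0, "unicast": 0, "feed_hits": []}
    for rec in read_bro_log(log_text):
        resp = ipaddress.ip_address(rec["id.resp_h"])
        # Only the limited broadcast address is treated as broadcast here.
        if resp.is_multicast or str(resp) == "255.255.255.255":
            stats["multicast_or_broadcast"] += 1
        else:
            stats["unicast"] += 1
        # A feed address can appear on either side of the connection.
        for side in ("id.orig_h", "id.resp_h"):
            if ipaddress.ip_address(rec[side]) in feed_ips:
                stats["feed_hits"].append((rec["uid"], rec[side]))
    # Only multicast/broadcast responders: the sensor sees no routed traffic.
    stats["only_multicast"] = stats["unicast"] == 0 and stats["multicast_or_broadcast"] > 0
    return stats


if __name__ == "__main__":
    print(summarize(SAMPLE_CONN_LOG, SAMPLE_FEED))
```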