Bro Auxiliary Programs

Version:0.33

Handy auxiliary programs related to the use of the Bro Network Security Monitor (http://www.bro.org).

Installation

Installation is simple and standard:

./configure
make
make install

adtrace

The “adtrace” utility is used to compute the network address that compose the internal and extern nets that bro is monitoring. This program just reads a pcap (tcpdump) file and writes out the src MAC, dst MAC, src IP, dst IP for each packet seen in the file.

bro-cut

The “bro-cut” utility reads ASCII Bro logs on standard input and outputs them with only the specified columns (if no column names are specified, then all columns are output). There are also options to convert the timestamps into human-readable format, as well as whether or not to include the format header blocks in the output (by default, they’re not included). Use the “-h” option to see a list of all options.

devel-tools

A set of scripts used commonly for Bro development. Note that none of these scripts are installed by ‘make install’.

extract-conn-by-uid
Extracts a connection from a trace file based on its UID found in Bro’s conn.log
gen-mozilla-ca-list.rb
Generates list of Mozilla SSL root certificates in a format readable by Bro.
update-changes
A script to maintain the CHANGES and VERSION files.
git-show-fastpath
Show commits to the fastpath branch not yet merged into master.
cpu-bench-with-trace
Run a number of Bro benchmarks on a trace file.

nftools

The “nfcollector” and “ftwire2bro” utilities are for dealing with Bro’s custom file format for storing NetFlow records. The “nfcollector” utility reads NetFlow data from a socket and writes it in Bro’s format. The “ftwire2bro” utility reads NetFlow “wire” format (e.g., as generated by a ‘flow-export’ directive) and writes it in Bro’s format.

rst

The “rst” utility can be invoked by a Bro script to terminate an established TCP connection by forging RST tear-down packets.


Previous Page

BroControl

Copyright 2013, The Bro Project. Last updated on June 15, 2015. Created using Sphinx 1.2.2.