Version: | 0.33 |
---|
Handy auxiliary programs related to the use of the Bro Network Security Monitor (http://www.bro.org).
The “adtrace” utility is used to compute the network address that compose the internal and extern nets that bro is monitoring. This program just reads a pcap (tcpdump) file and writes out the src MAC, dst MAC, src IP, dst IP for each packet seen in the file.
The “bro-cut” utility reads ASCII Bro logs on standard input and outputs them with only the specified columns (if no column names are specified, then all columns are output). There are also options to convert the timestamps into human-readable format, as well as whether or not to include the format header blocks in the output (by default, they’re not included). Use the “-h” option to see a list of all options.
A set of scripts used commonly for Bro development. Note that none of these scripts are installed by ‘make install’.
The “nfcollector” and “ftwire2bro” utilities are for dealing with Bro’s custom file format for storing NetFlow records. The “nfcollector” utility reads NetFlow data from a socket and writes it in Bro’s format. The “ftwire2bro” utility reads NetFlow “wire” format (e.g., as generated by a ‘flow-export’ directive) and writes it in Bro’s format.
The “rst” utility can be invoked by a Bro script to terminate an established TCP connection by forging RST tear-down packets.