Navigation

Bro Auxiliary Programs

Version:0.23

Handy auxiliary programs related to the use of the Bro Network Security Monitor (http://www.bro-ids.org).

Note that some files that were formerly distributed with Bro as part of the aux/ tree are now maintained separately. See the http://www.bro-ids.org/download for their download locations.

adtrace

Makefile and source for the adtrace utility. This program is used in conjunction with the localnetMAC.pl perl script to compute the network address that compose the internal and extern nets that bro is monitoring. This program when run by itself just reads a pcap (tcpcump) file and writes out the src MAC, dst MAC, src IP, dst IP for each packet seen in the file. This output is processed by the localnetMAC.pl script during ‘make install’.

devel-tools

A set of scripts used commonly for Bro development.

extract-conn-by-uid:
Extracts a connection from a trace file based on its UID found in Bro’s conn.log
gen-mozilla-ca-list.rb
Generates list of Mozilla SSL root certificates in a format readable by Bro.
update-changes
A script to maintain the CHANGES and VERSION files.
git-show-fastpath
Show commits to the fastpath branch not yet merged into master.
cpu-bench-with-trace
Run a number of Bro benchmarks on a trace file.

nftools

Utilities for dealing with Bro’s custom file format for storing NetFlow records. nfcollector reads NetFlow data from a socket and writes it in Bro’s format. ftwire2bro reads NetFlow “wire” format (e.g., as generated by a ‘flow-export’ directive) and writes it in Bro’s format.

rst

Makefile and source for the rst utility. “rst” can be invoked by a Bro script to terminate an established TCP connection by forging RST tear-down packets. See terminate_connection() in conn.bro.


Table of Contents

Next Page

BTest - A Simple Driver for Basic Unit Tests

Previous Page

Bro Control

Copyright 2012, The Bro Project. Last updated on May 18, 2012. Created using Sphinx 1.1.2.