bro-cut

small auxiliary tools for Bro

Install

All systems
curl cmd.cat/bro-cut.sh
Debian
apt-get install bro-aux
Ubuntu
apt-get install bro-aux
Kali Linux
apt-get install bro-aux
Fedora
dnf install bro
Windows (WSL2)
sudo apt-get update
sudo apt-get install bro-aux
OS X
brew install bro
Raspbian
apt-get install bro-aux

bro-aux

small auxiliary tools for Bro

This package provides handy auxiliary programs related to the use of the Bro Network Security Monitor. The “adtrace” utility is used to compute the network addresses that compose the internal and external nets that Bro is monitoring. The “bro-cut” utility reads ASCII Bro logs on standard input and outputs them with only the specified columns (if no column names are specified, then all columns are output). The “nfcollector” and “ftwire2bro” utilities are for dealing with Bro’s custom file format for storing NetFlow records.

bro-core

The core bro installation without broctl

bro

passive network traffic analyzer

Bro is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and help with troubleshooting. Bro comes with built-in functionality for a range of analysis and detection tasks, including detecting malware by interfacing to external registries, reporting vulnerable versions of software seen on the network, identifying popular web applications, detecting SSH brute-forcing, and validating SSL certificate chains, among others.