Arp Traffic Script

Pete · November 22, 2011, 5:19pm

I'm not sure if this of value to anyone, but I thought I'd pass it on. I
recently had a need to review arp traffic and re-wrote the old arp.bro
policy script to use the new Logging framework in 2.0-beta. I made a few
additional changes as well with how the state information is stored.

load.bro|attachment (13 Bytes)

main.bro (7.14 KB)

Seth_Hall3 · November 22, 2011, 5:30pm

Awesome, thanks! I was going to be bringing the ARP analysis script back soon (maybe for 2.1) and you've made it easier now. I'll make sure you get credit in the CHANGE file when it gets added back.

Thanks,
.Seth

Pete · November 22, 2011, 6:10pm

No problem... Glad I could help. I'll make sure to let you know if I
make any changes to it. Until then, maybe I'll work on converting some
of the others.

** Seth Hall <seth@icir.org> [2011-11-22 12:30:09 -0500] **

Topic		Replies	Views
(no subject) Zeek	2	65	May 6, 2022
Bro and ICMP Zeek	2	78	May 6, 2022
Flow blocking with iptables from Bro Zeek	5	170	May 6, 2022
New to Bro... Question about recording HTTP User Agents Zeek	2	64	May 6, 2022
icmp and bro Zeek	1	58	May 6, 2022

Arp Traffic Script

Related Topics