I am running Bro0.7a73 system in a single machine and preparing to carry out
some experiments. Who can explain the attack examples included in the Bro
I'm not sure what you're asking here. One of them is a trace of an
FTP "site exec" attack, the other of an NTP overflow attack.
BTW, are there some help documents available for Tcpdump and Bro? I mean
some fundamental aspects.
For tcpdump, only "man tcpdump". For Bro, see the doc/ subdirectory.