flow-level analysis code

yangao · December 16, 2004, 6:18pm

Hi,

I think Bro is really a good tool for intrusion detection. However, after I studied the reference manual, I found for offline analysis it can only use tcpdump packet level input. Could it also use flow-level analysis data as input? I want to detect some scan and SYN flooding attacks, does somebody have this kind of flow-level code or experience on this? If so, could you share it with us? Our purpose is purely for research.
Thx.

Yan Gao

Randolph_Reitz · December 16, 2004, 8:22pm

Fermilab uses a package named 'flow-tools' that was originally developed at Ohio State Unix. The first Google hit is...

http://www.splintered.net/sw/flow-tools/

Randy Reitz
Computer Security Team

Topic		Replies	Views
flow-level analysis code Zeek	2	124	May 6, 2022
flow-level analysis code Zeek	5	119	May 6, 2022
flow-level analysis code Zeek	2	107	May 6, 2022
Netflow and Bro Zeek	2	109	May 6, 2022
Bro and flood protection Zeek	2	125	May 6, 2022

flow-level analysis code

Related topics