Getting flow stats from Bro

Jim_Simpson · February 15, 2017, 9:14pm

Is there an existing set of scripts for Bro to get flow stats?

I’m looking for counts, avg, and std dev on small packets, large packets, nonempty packets, interarrival times, etc, similar to what YAF gives with the --flow-stats option. I’m also interested in the Shannon entropy of the payload, similar to what YAF gives with the --entropy option.
https://tools.netsa.cert.org/yaf/yaf.html

Jim

Vlad_Grigorescu3 · February 16, 2017, 4:15pm

Not set of scripts for this that I'm aware of. The closest thing I'm
aware of is this script for computing PCR, which might be a good
jumping-off point at least:

https://github.com/reservoirlabs/bro-producer-consumer-ratio

--Vlad

Jim Simpson <jim.simpson.work@gmail.com> writes:

Topic		Replies	Views
Flow Statistics in BRO Zeek	6	79	May 6, 2022
Traffic characteristics extraction with Bro Zeek	4	65	May 6, 2022
(Traffic characteristics extraction with Bro - Continue) Zeek	2	51	May 6, 2022
Netflow and Bro Zeek	2	70	May 6, 2022
Bro performance information Zeek	1	66	May 6, 2022

Getting flow stats from Bro

Related Topics