Dear Sir or Madam,
Hi, nice to meet you.
My name is Seonmin and I’m South Korean.
I’m studying Bro and I saw the Bro User Manual (version 0.9, 12-1-2004, DRAFT).
That’s really helpful for me to understand Bro. Thank you so much.
All these days, I’ve searched far and wide for Bro’s config files and other documents on the Internet.
However, I couldn’t find the best one for what I need…
I understand the sketchy knowledge, for example, the keynote of Bro’s benefits and the simple flow (Network → libpcap → event engine → PolicyScriptInterpreter).
But that kind of information is not enough for me to understand Bro perfectly.
I want to know accurately how Bro works (some information on Bro’s architecture). I need something like a Bro hierarchy structure.
(Ex. To run the “bro/base/protocols” file, Bro needs the “bro/base/framewalk/analyzer” file, and it also needs the “bro/base/framewalk/packet_filter.util” file.)
bro/base/framewalk/packet_filter.util
|
bro/base/framewalk/analyzer
|
bro/base/protocols
So, I referred to the Bro User Manual’s “Appendix A Bro Directory and Files”. But it is corrupted, like below.
If you don’t mind me asking, would you send me the original file or a picture of it?
- Based on that file, I will try to simplify Bro (to inspect only HTTP packets).
I’m sorry that the sentences are not neat… If you are not sure what I mean, please tell me.
Yours faithfully,
Seonmin.