Learning the Bro scripting language by solving a Network Forensics Challenge

I’ve been wrestling with how to go about learning the Bro scripting language and tried my best to document the process I’m using while trying to solve a Network Forensics Challenge using Bro.


I’m hoping to make it a series of posts to help people new to the scripting language (myself included) who might have the same questions.

I’d welcome any comments or critiques.


Thanks Scott! I'm looking forward to future posts.


Same here! I no longer have any excuses for not learning Bro. I’m a long-time Snort user, and have used Suricata since release. I’ve always wanted to learn Bro, but never thought to learn it in context with the packet analysis I already perform at work! *facepalm*

Thanks, Scott!