Hi,
Is there any policy file in Bro that reports all connections present in the
traffic seen by Bro? Does conn.bro provide this functionality?
Regards,
Abhinay
Abhinay Kampasi wrote:
Is there any policy file in Bro that reports all connections present in the
traffic seen by Bro? Does conn.bro provide this functionality?
conn.bro only logs TCP. Depending on what you mean by "connection",
you may also want udp.bro and/or icmp.bro.
Also, note that conn.bro does not *only* log connections.
It does intrusion analysis -- for example, scan detection.
Mark
Thanks Mark, I only wanted TCP connection info.
Regards,
Abhinay