Two Questions about Bro


My name is Ji-Hoon Lee, and it is nice to meet you all.

I have an interest in detecting network threats and measuring the loss of bandwidth caused by them.

So, I chose Bro to detect them. I've read the manual and installed Bro on my FreeBSD machine. It works well!!

I also ran Tcpdump to record all packets on my local network for one day.

Today I fed the tcpdump file to Bro for analysis with the mt.bro policy file. Bro returns many weird logs and works well.

But when I run it with both the mt.bro and worm.bro policy files, it segfaults. Does the worm analyzer not work perfectly yet?

I have one more question. I want to add another virus/worm detection feature to Bro (like Klez or Lovegate).

But the manual is hard for me to follow for that job, so I'm looking for information that can help me. Where can I find it?

Thank you for reading my poor writing (sometimes I think I have to study English first of all --") and I hope you all have a nice weekend.