Knowing Bro

Another tool to analyze network traffic is Bro. Bro is a very powerful tool that is often positioned as an IDS, but its possibilities are much wider than that. Discussing all of them in a single chapter is almost impossible, so we will consider only some of them. One of the many advantages of Bro is the ability to use ready-made parsers for different protocols.

For example, the following are some of them:

  • DHCP
  • DNS
  • FTP
  • HTTP
  • POP3
  • SMTP
  • SSH

The list of these protocols is constantly expanding.

By default, Bro applies the protocol analyzers to traffic, and it records the results in the log files that correspond to different protocols.

Bro also allows you to write your own handlers in a language called Bro. For each event that occurs during the processing ...
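As an added illustration of such a handler (example code written for this edit, not taken from the book or from Bro's own distribution), the following script hooks the `http_request` event that Bro's HTTP analyzer raises and turns requests for executable files into a notice; the module name, notice type and the `.exe`/`.dll` pattern are choices made for this example:

```bro
# Added example, not part of the original text: raise a notice whenever a
# client issues an HTTP GET for a resource that ends in .exe or .dll.
@load base/frameworks/notice
@load base/protocols/http

module ExeDownload;   # hypothetical module name chosen for this example

export {
    redef enum Notice::Type += {
        ## Hypothetical notice type: an HTTP request asked for an executable.
        Executable_Requested
    };
}

# Bro calls this handler once per HTTP request it sees, with the connection
# record and the request line fields already parsed by the HTTP analyzer.
event http_request(c: connection, method: string, original_URI: string,
                   unescaped_URI: string, version: string)
{
    # Normalise case so "Setup.EXE" is matched as well as "setup.exe".
    local uri = to_lower(unescaped_URI);

    if ( method == "GET" && /\.(exe|dll)$/ in uri )
        {
        NOTICE([$note=Executable_Requested,
                $conn=c,
                $msg=fmt("%s requested %s from %s",
                         c$id$orig_h, unescaped_URI, c$id$resp_h),
                # One notice per client/URI pair rather than per repeated request.
                $identifier=cat(c$id$orig_h, unescaped_URI)]);
        }
}
```

Run it against a capture with `bro -r capture.pcap exe_download.bro`; matching requests appear in notice.log alongside the usual http.log entries.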
