Wireshark has always been my go-to for PCAP analysis. Recently, however, I was exposed to the wonders of bro-cut, a fun little function of Bro IDS (now renamed Zeek) that lets you segregate a PCAP into Bro logs: http, dns, files, smtp and many more. Not only that, it makes analysis that much faster when you're dealing with a very large network capture.

Bro is a network security monitoring (NSM) tool, which I like to think of as an advanced Intrusion Detection System: something you might deploy for traffic inspection, attack detection, log capture and event correlation. This is the use case where I'd start up my virtual machine (VM) rather than opening the file in Wireshark.

Security Onion was my VM of choice, as it already has Bro installed. Otherwise, you can find the package here, along with their webpage for further details.
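To show what bro-cut is actually doing with those Bro logs, here is an added example (not Zeek's code, and not from the original post) that mimics its core behaviour in Python: read the `#fields` header of a Bro/Zeek TSV log, pull out the columns you name, and optionally render the epoch `ts` column as a human-readable time, as `bro-cut -d` does. The dns.log it parses is constructed sample data, and the `bro_cut` and `SAMPLE_DNS_LOG` names are mine.

```python
# Minimal re-implementation of bro-cut's column selection over a Bro/Zeek TSV log.
# Bro logs carry their schema inline: "#fields" names the columns, "#unset_field"
# says how a missing value is written (normally "-"), and "#close" ends the file.
from datetime import datetime, timezone

# Constructed dns.log, shaped like real Bro/Zeek output (not a real capture).
SAMPLE_DNS_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tdns
#open\t2019-03-01-10-00-00
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tquery\tqtype_name\tanswers
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring\tvector[string]
1551434400.123456\tCabc123\t10.0.0.5\t51234\t10.0.0.1\t53\tudp\texample.com\tA\t93.184.216.34
1551434401.654321\tCdef456\t10.0.0.5\t51235\t10.0.0.1\t53\tudp\tupdates.example.net\tAAAA\t-
#close\t2019-03-01-10-05-00
"""


def bro_cut(log_text, wanted, human_time=False):
    """Return the selected columns of every record, like `bro-cut <fields>`.

    human_time=True converts the epoch 'ts' column to UTC, like `bro-cut -d`.
    Unknown column names raise KeyError so a typo never silently yields '-'.
    """
    fields, unset, rows = None, "-", []
    for line in log_text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
        elif line.startswith("#unset_field\t"):
            unset = line.split("\t")[1]
        elif line.startswith("#") or not line:
            continue  # separator, path, types, open, close: metadata only
        else:
            if fields is None:
                raise ValueError("data row seen before the #fields header")
            record = dict(zip(fields, line.split("\t")))
            missing = [name for name in wanted if name not in record]
            if missing:
                raise KeyError(f"unknown field(s) {missing}; log has {fields}")
            out = []
            for name in wanted:
                value = record[name]
                if human_time and name == "ts" and value != unset:
                    ts = datetime.fromtimestamp(float(value), tz=timezone.utc)
                    value = ts.strftime("%Y-%m-%dT%H:%M:%S")
                out.append(value)
            rows.append(out)
    return rows


if __name__ == "__main__":
    for row in bro_cut(SAMPLE_DNS_LOG, ["ts", "id.orig_h", "query", "answers"], human_time=True):
        print("\t".join(row))
```

Against a real capture you would run `bro -r capture.pcap` (or `zeek -r`) first and feed the resulting dns.log to the function; the schema-driven parsing is what lets the same code work unchanged on http.log, conn.log or files.log.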