mirror of
https://github.com/zeek/zeek.git
synced 2025-10-06 00:28:21 +00:00
I'm merging in the remaining pieces from the former doc directory and restructuring things into sub-directories.

.. -*- mode: rst; -*-
..
.. Version number is filled in automatically.
.. |version| replace:: 0.26-5

======================
Bro Auxiliary Programs
======================

.. contents::

:Version: |version|

Handy auxiliary programs related to the use of the Bro Network Security
Monitor (http://www.bro.org).

Note that some files that were formerly distributed with Bro as part
of the aux/ tree are now maintained separately. See
http://www.bro.org/download for their download locations.

adtrace
=======

Makefile and source for the adtrace utility. This program is used in
conjunction with the localnetMAC.pl Perl script to compute the network
addresses that compose the internal and external nets that Bro is
monitoring. When run by itself, this program just reads a pcap (tcpdump)
file and writes out the src MAC, dst MAC, src IP, dst IP for each packet
seen in the file. This output is processed by the localnetMAC.pl script
during 'make install'.

devel-tools
===========

A set of scripts commonly used for Bro development.

extract-conn-by-uid
    Extracts a connection from a trace file based on its UID found in
    Bro's conn.log.

gen-mozilla-ca-list.rb
    Generates a list of Mozilla SSL root certificates in a format
    readable by Bro.

update-changes
    A script to maintain the CHANGES and VERSION files.

git-show-fastpath
    Shows commits to the fastpath branch not yet merged into master.

cpu-bench-with-trace
    Runs a number of Bro benchmarks on a trace file.

nftools
=======

Utilities for dealing with Bro's custom file format for storing
NetFlow records. nfcollector reads NetFlow data from a socket and
writes it in Bro's format. ftwire2bro reads NetFlow "wire" format
(e.g., as generated by a 'flow-export' directive) and writes it in
Bro's format.

rst
===

Makefile and source for the rst utility. "rst" can be invoked by a Bro
script to terminate an established TCP connection by forging RST
tear-down packets. See terminate_connection() in conn.bro.
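The per-packet address extraction described in the adtrace section, as an added example in Python; this is not adtrace's source or part of the original README. The function names, the constructed sample capture, the space-separated output and the choice to skip non-IPv4 frames are assumptions of this sketch.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800

def build_sample_pcap():
    """Constructed sample capture: one IPv4 frame and one ARP frame."""
    def frame(dst, src, ethertype, payload):
        return bytes.fromhex(dst) + bytes.fromhex(src) + struct.pack("!H", ethertype) + payload
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       socket.inet_aton("10.0.0.5"), socket.inet_aton("192.0.2.7"))
    frames = [frame("00aabbccdd01", "00aabbccdd02", ETHERTYPE_IPV4, ipv4),
              frame("ffffffffffff", "00aabbccdd02", 0x0806, b"\x00" * 28)]
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f  # ts_sec, ts_usec, caplen, len
    return out

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def address_trace(pcap_bytes):
    """Yield (src MAC, dst MAC, src IP, dst IP) for each IPv4-over-Ethernet packet."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if len(pcap_bytes) < 24 or struct.unpack_from(endian + "I", pcap_bytes, 20)[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    off = 24
    while off + 16 <= len(pcap_bytes):
        caplen = struct.unpack_from(endian + "I", pcap_bytes, off + 8)[0]
        pkt = pcap_bytes[off + 16: off + 16 + caplen]
        off += 16 + caplen
        # Skip truncated captures and anything that is not plain IPv4 (ARP, IPv6, VLAN tags).
        if len(pkt) < 34 or struct.unpack_from("!H", pkt, 12)[0] != ETHERTYPE_IPV4:
            continue
        yield (mac(pkt[6:12]), mac(pkt[0:6]),
               socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34]))

if __name__ == "__main__":
    for row in address_trace(build_sample_pcap()):
        print(" ".join(row))
```

Grouping the resulting rows by MAC address shows which IP addresses sit behind each link-layer neighbour, which is the kind of input a script needs to separate internal from external networks.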