mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
| .. | ||
| adtrace | ||
| bdcat | ||
| binpac | ||
| broccoli | ||
| broctl | ||
| cf | ||
| contrib | ||
| hf | ||
| nftools | ||
| rst | ||
| scripts | ||
| libpcap-0.7.2.tar.gz | ||
| libpcap-0.8.3.tar.gz | ||
| libpcap-0.9.8.tar.gz | ||
| Makefile.am | ||
| README | ||
This directory contains handy auxiliary programs: adtrace/ Makefile and source for the adtrace utility. This program is used in conjunction with the localnetMAC.pl perl script to compute the network address that compose the internal and extern nets that bro is monitoring. This program when run by itself just reads a pcap (tcpcump) file and writes out the src MAC, dst MAC, src IP, dst IP for each packet seen in the file. This output is processed by the localnetMAC.pl script during 'make install'. bdcat/ A utility for decrypting encrypted Bro log files. binpac/ A compiler for generating protocol analyzers from high-level, declarative specifications. Used extensively for constructing Bro's protocol analyzers, but capable of stand-alone use for building analyzers outside of the Bro system. broccoli/ A C client library for interfacing programs with the Bro system. Enables sending and receiving of Bro values and events. cf/ Makefile and source for the "cf" utility. cf reads lines from stdin and if the line begins with a number, then it assumes that the number corresponds to a Unix timestamp and replaces it with the corresponding local time in a readable format. Useful for running on log files. See cf/cf.man.txt for documentation. contrib/ Unsupported contributions to Bro. hf/ The main utility in this subdirectory is hf, which translates any dotted-quad (in text) appearing on stdin to the corresponding DNS hostname (via a PTR lookup) on stdout. nftools/ Utilities for dealing with Bro's custom file format for storing NetFlow records. nfcollector reads NetFlow data from a socket and writes it in Bro's format. ftwire2bro reads NetFlow "wire" format (e.g., as generated by a 'flow-export' directive) and writes it in Bro's format. rst/ Makefile and source for the rst utility. "rst" can be invoked by a Bro script to terminate an established TCP connection by forging RST tear-down packets. See terminate_connection() in conn.bro. scripts/ A set of utility scripts for munching on Bro connection summaries. bro_logchk: orders and scans through FTP and HTTP logs host-grep: greps a summary file for a particular host's activities host-to-addrs: converts a hostname to a list of IP addresses hot-report: formats a summary file in a readable fashion ip-grep: returns a grep pattern for a given IP address mon-report: summarizes a particular host's activity mvlog: compresses and archives log files