mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
This directory contains handy auxiliary programs:

adtrace/
    Makefile and source for the adtrace utility. This program is used
    in conjunction with the localnetMAC.pl perl script to compute the
    network addresses that compose the internal and external nets that
    bro is monitoring. When run by itself, this program just reads a
    pcap (tcpdump) file and writes out the src MAC, dst MAC, src IP and
    dst IP for each packet seen in the file. This output is processed
    by the localnetMAC.pl script during 'make install'.

bdcat/
    A utility for decrypting encrypted Bro log files.

binpac/
    A compiler for generating protocol analyzers from high-level,
    declarative specifications. Used extensively for constructing
    Bro's protocol analyzers, but capable of stand-alone use for
    building analyzers outside of the Bro system.

broccoli/
    A C client library for interfacing programs with the Bro system.
    Enables sending and receiving of Bro values and events.

cf/
    Makefile and source for the "cf" utility. cf reads lines from
    stdin and, if a line begins with a number, assumes that the number
    is a Unix timestamp and replaces it with the corresponding local
    time in a readable format. Useful for running on log files. See
    cf/cf.man.txt for documentation.

contrib/
    Unsupported contributions to Bro.

hf/
    The main utility in this subdirectory is hf, which translates
    any dotted-quad (in text) appearing on stdin to the corresponding
    DNS hostname (via a PTR lookup) on stdout.

nftools/
    Utilities for dealing with Bro's custom file format for storing
    NetFlow records. nfcollector reads NetFlow data from a socket
    and writes it in Bro's format. ftwire2bro reads NetFlow "wire"
    format (e.g., as generated by a 'flow-export' directive) and writes
    it in Bro's format.

rst/
    Makefile and source for the rst utility. "rst" can be invoked by
    a Bro script to terminate an established TCP connection by forging
    RST tear-down packets. See terminate_connection() in conn.bro.

scripts/
    A set of utility scripts for munching on Bro connection summaries.

    bro_logchk:    orders and scans through FTP and HTTP logs
    host-grep:     greps a summary file for a particular host's activities
    host-to-addrs: converts a hostname to a list of IP addresses
    hot-report:    formats a summary file in a readable fashion
    ip-grep:       returns a grep pattern for a given IP address
    mon-report:    summarizes a particular host's activity
    mvlog:         compresses and archives log files