Practical Windows Forensics by Konstantin Sapronov, Ayman Shaaban

Knowing Bro

Another tool for analyzing network traffic is Bro (the project has since been renamed Zeek). Bro is a very powerful tool that is often positioned as an IDS, but its possibilities are much wider than that. Discussing all of them in a single chapter is almost impossible, so we will consider only some of them. One of Bro's many advantages is its set of ready-made parsers (protocol analyzers) for different protocols.

For example, the following are some of them:

  • DHCP
  • DNS
  • FTP
  • HTTP
  • POP3
  • SMTP
  • SSH

The list of these protocols is constantly expanding.

By default, Bro applies the protocol analyzers to the traffic it sees and records the results in log files that correspond to the different protocols (for example dns.log, http.log and ssh.log, alongside conn.log, which summarizes every connection). Each log is a tab-separated text file that starts with header lines describing the field names and types, so the logs can be consumed by other tools without Bro itself.
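As an added example (editor's code, not from the book or from the Bro project), the following Python reads a Bro log in its native format, using the `#separator`, `#set_separator`, `#empty_field`, `#unset_field`, `#fields` and `#types` header lines to type each column, and then runs a small check over the records. The dns.log content is constructed with a reduced set of columns to keep it short; a real dns.log carries more fields, but the header-driven parsing is the same.

```python
"""Parse Bro's tab-separated log format and run a simple check over dns.log records.

Example added by the editor, not code from the book or from the Bro project.
The log below is constructed to match the layout Bro 2.x writes (header
directives, then one record per line); it is not a real capture.
"""
import codecs
from collections import Counter

# Constructed sample dns.log with a reduced field set (a real dns.log has more columns).
SAMPLE_DNS_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tdns
#open\t2016-03-10-12-00-00
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tquery\tqtype_name\tanswers\trejected
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring\tvector[string]\tbool
1457611200.123456\tCXWv6p3arKYeMETxOg\t10.0.0.5\t51234\t10.0.0.1\t53\tudp\twww.example.com\tA\t93.184.216.34\tF
1457611201.654321\tCjhGID4nQcgTWjvg4c\t10.0.0.5\t51235\t10.0.0.1\t53\tudp\tmail.example.com\tMX\t-\tF
1457611202.000000\tCmTQ6g1f5NCaEzGRQh\t10.0.0.7\t49152\t10.0.0.1\t53\tudp\t4d4c4954415259313233343536373839.c2.example.net\tTXT\t(empty)\tF
1457611203.500000\tCv8mXc3lGv5ZX5bOjj\t10.0.0.7\t49153\t10.0.0.1\t53\tudp\t6e6f74686572636f6d6d616e64696e7468656e616d65.c2.example.net\tTXT\t-\tT
#close\t2016-03-10-12-05-00
"""


def _convert(value, btype, hdr):
    """Turn one column into a Python value according to its Bro type name."""
    if value == hdr["unset_field"]:
        return None                      # field never set for this record
    if btype.startswith("vector[") or btype.startswith("set["):
        if value == hdr["empty_field"]:
            return []
        inner = btype[btype.index("[") + 1:-1]
        return [_convert(v, inner, hdr) for v in value.split(hdr["set_separator"])]
    if value == hdr["empty_field"]:
        return ""
    if btype in ("time", "interval", "double"):
        return float(value)
    if btype in ("count", "int", "port"):
        return int(value)
    if btype == "bool":
        return value == "T"
    return value                         # string, addr, enum, subnet stay as text


def parse_bro_log(text):
    """Return (header_directives, records) for a Bro log given as text."""
    hdr = {"separator": "\t", "set_separator": ",", "empty_field": "(empty)", "unset_field": "-"}
    fields, types, records = [], [], []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):
                # The only directive split by a space; its value is escaped (\x09 is a tab).
                hdr["separator"] = codecs.decode(line[len("#separator "):], "unicode_escape")
                continue
            key, _, value = line[1:].partition(hdr["separator"])
            if key == "fields":
                fields = value.split(hdr["separator"])
            elif key == "types":
                types = value.split(hdr["separator"])
            else:
                hdr[key] = value         # path, open, close, set_separator, ...
            continue
        cols = line.split(hdr["separator"])
        if len(cols) != len(fields):
            raise ValueError("column count %d does not match #fields (%d)" % (len(cols), len(fields)))
        records.append({f: _convert(v, t, hdr) for f, v, t in zip(fields, cols, types)})
    return hdr, records


def suspicious_dns(records, max_query_len=40):
    """Flag dns.log records that look like tunnelling or probing.

    Heuristics (assumed thresholds, tune for your environment): an unusually
    long name, a long hex-only leading label, or a query the resolver rejected.
    """
    hits = []
    for r in records:
        query = r["query"] or ""
        first_label = query.split(".")[0]
        reasons = []
        if len(query) > max_query_len:
            reasons.append("long query (%d chars)" % len(query))
        if len(first_label) >= 16 and all(c in "0123456789abcdef" for c in first_label):
            reasons.append("hex-encoded leading label")
        if r["rejected"]:
            reasons.append("rejected by resolver")
        if reasons:
            hits.append((r["uid"], r["id.orig_h"], query, reasons))
    return hits


def queries_per_host(records):
    """Count DNS queries per originating host (id.orig_h)."""
    return dict(Counter(r["id.orig_h"] for r in records))


if __name__ == "__main__":
    header, recs = parse_bro_log(SAMPLE_DNS_LOG)
    print("log path:", header["path"], "records:", len(recs))
    for uid, host, query, reasons in suspicious_dns(recs):
        print(uid, host, query, "; ".join(reasons))
```

The same parser works unchanged on conn.log, http.log or any other Bro log, because the field names and types come from the file's own header rather than from hard-coded column positions; only the check function is specific to dns.log.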

Bro also lets you write your own handlers in its own scripting language, also called Bro. For each event that occurs during the processing ...
