Provided by: bro_2.4.1+dfsg-2build1_i386 bug


       bro - passive network traffic analyzer


       bro  [options] [file ...]


       Bro is primarily a security monitor that inspects all traffic on a link
       in depth for signs of suspicious activity. More generally, however, Bro
       supports  a  wide  range  of traffic analysis tasks even outside of the
       security domain, including performance measurements  and  helping  with

       Bro  comes  with  built-in  functionality  for  a range of analysis and
       detection tasks, including detecting malware by interfacing to external
       registries,  reporting  vulnerable  versions  of  software  seen on the
       network, identifying popular web  applications,  detecting  SSH  brute-
       forcing, validating SSL certificate chains, among others.


       <file> policy file, or read stdin

       -a, --parse-only
              exit immediately after parsing scripts

       -b, --bare-mode
              don't load scripts from the base/ directory

       -d, --debug-policy
              activate policy file debugging

       -e, --exec <bro code>
              augment loaded policies by given code

       -f, --filter <filter>
              tcpdump filter

       -g, --dump-config
              dump current config into .state dir

       -h, --help|-?
              command line help

       -i, --iface <interface>
              read from given interface

       -p, --prefix <prefix>
              add given prefix to policy file resolution

       -r, --readfile <readfile>
              read from given tcpdump file

       -s, --rulefile <rulefile>
              read rules from given file

       -t, --tracefile <tracefile>
              activate execution tracing

       -w, --writefile <writefile>
              write to given tcpdump file

       -v, --version
              print version and exit

       -x, --print-state <file.bst>
              print contents of state file

       -z, --analyze <analysis>
              run the specified policy file analysis

       -C, --no-checksums
              ignore checksums

       -F, --force-dns
              force DNS

       -I, --print-id <ID name>
              print out given ID

       -J, --set-seed <seed>
              set the random number seed

       -K, --md5-hashkey <hashkey>
              set key for MD5-keyed hashing

       -N, --print-plugins
              print available plugins and exit (-NN for verbose)

       -P, --prime-dns
              prime DNS

       -Q, --time
              print execution time summary to stderr

       -R, --replay <events.bst>
              replay events

       -S, --debug-rules
              enable rule debugging

       -T, --re-level <level>
              set 'RE_level' for rules

       -U, --status-file <file>
              Record process status in file

       -W, --watchdog
              activate watchdog timer

       -X, --broxygen <cfgfile>
              generate documentation based on config file

              enable pseudo-realtime for performance evaluation (default 1)

       --load-seeds <file>
              load seeds from given file

       --save-seeds <file>
              save seeds to given file

       The  following  option  is  available  only  when Bro is built with the
       --enable-debug configure option:

       -B, --debug <dbgstreams>
              Enable debugging output for  selected  streams  ('-B  help'  for

       The  following  options  are  available  only  when  Bro  is built with
       gperftools     support     (use     the     --enable-perftools      and
       --enable-perftools-debug configure options):

       -m, --mem-leaks
              show leaks

       -M, --mem-profile
              record heap


              file search path

              plugin search path

              plugins to always activate

              prefix list

              disable DNS lookups

              file to load seeds from

              ASCII log file extension

              Output file for script execution statistics

              Disable Broxygen documentation support


       bro was written by The Bro Project <>.