14 Aug
2015
14 Aug
'15
1:42 a.m.
Mike, Additionally, I should clarify that bro and netflow have some fundamental differences and are usually used for different things (but both are common in large networks). Bro's very stateful and is more focused on IDS-type applications, whereas netflow is more directed towards traffic accounting, which is why bro has all the stateful stuff about TCP connections. bro would be more commonly found at a university, but netflow's probably more relevant if you're looking at what the typical ISP will retain for a long time. -- OpenPGP: 6FB7 ED25 BFCF 3E22 72AE 6E8C 47D4 CE7F 6B9F DF57