Binary package “bro” in ubuntu focal
passive network traffic analyzer
Bro is primarily a security monitor that inspects all traffic on a link in
depth for signs of suspicious activity. More generally, however, Bro
supports a wide range of traffic analysis tasks even outside of the
security domain, including performance measurements and helping with
troubleshooting.
Bro comes with built-in functionality for a range of analysis and
detection tasks, including detecting malware by interfacing to external
registries, reporting vulnerable versions of software seen on the network,
identifying popular web applications, detecting SSH brute-forcing,
and validating SSL certificate chains, among others.