This directory contains handy auxiliary programs:

cf-1.1/
	Makefile and source for the "cf" utility.  cf reads lines from
	stdin and if the line begins with a number, then it assumes that
	the number corresponds to a Unix timestamp and replaces it with
	the corresponding local time in a readable format.  Useful for
	running on log files.  See cf.1/cf.man.txt for documentation.

scripts/
	A set of utility scripts for munching on Bro connection summaries.

	bro_logchk: orders and scans through FTP and HTTP logs
	host-grep: greps a summary file for a particular host's activities
	host-to-addrs: converts a hostname to a list of IP addresses
	hot-report: formats a summary file in a readable fashion
	ip-grep: returns a grep pattern for a given IP address
	mon-report: summarizes a particular host's activity
	mvlog: compresses and archives log files

adtrace/
	Makefile and source for the adtrace utility. This program is used
	in conjunction with the localnetMAC.pl perl script to compute the
	network address that compose the internal and extern nets that bro
	is monitoring. This program when run by itself just reads a pcap
	(tcpcump) file and writes out the src MAC, dst MAC, src IP, dst
	IP for each packet seen in the file. This output is processed by
	the localnetMAC.pl script during 'make install'.

rst/
	Makefile and source for the rst utility. "rst" can be invoked by
	a Bro script to terminate an established TCP connection by forging
	RST tear-down packets.  See terminate_connection() in conn.bro.


NOTE: this directory used to also contain the "hf" suite of conversion
utilities.  You should now instead get this from:

	ftp://ftp.ee.lbl.gov/hf.tar.gz
