File Input Format

Ashley Thomas athomas at
Wed Sep 12 12:21:39 PDT 2001

Bro needs the tcpdump file in 'raw' format, i.e. the kind of file you get when
you use tcpdump with the -w option.


Chaivat Jirapummin wrote:

> Dear all,
>       I just used Bro recently. I have a question about
> using Bro as an off-line detector. The input file was
> read by
> bro -r filename
>      According to the manual, the input file has to be
> in TCPdump format. I used the Information Exploration
> Shootout database, but it was not read. The error
> message "Improper format dump file" appeared on the
> screen. The input file format is
> Time Src.Srcport > Dst.Dstport  Flag Seq1:Seq2 Ack Win
> Buf Opt
> How can Bro read this data? Can it read the CSV
> format?
> Thank you.
> Chaivat J.
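
A quick way to tell a raw `tcpdump -w` savefile from printed tcpdump text before handing it to `bro -r`, as an added example that is not part of the original thread or of Bro itself. The function name `inspect_capture` and both sample inputs are constructed for illustration; the magic numbers and 24-byte header layout are those of the classic libpcap savefile format.

```python
import struct
import sys

# Magic numbers of the classic libpcap savefile (what `tcpdump -w` writes),
# keyed by on-disk byte order: (struct endianness prefix, timestamp resolution).
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
}

def inspect_capture(data: bytes) -> dict:
    """Classify the leading bytes of a file as raw pcap, text, or unknown."""
    magic = data[:4]
    if magic in PCAP_MAGICS:
        if len(data) < 24:                      # global header is 24 bytes
            return {"format": "truncated-pcap"}
        endian, resolution = PCAP_MAGICS[magic]
        # version major/minor, timezone offset, sigfigs, snaplen, link type
        major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
            endian + "HHiIII", data[4:24])
        return {"format": "pcap", "version": f"{major}.{minor}",
                "timestamps": resolution, "snaplen": snaplen,
                "linktype": linktype}
    head = data[:256]
    # Printable ASCII only: tcpdump's printed output, CSV, or similar text.
    if head and all(32 <= b < 127 or b in (9, 10, 13) for b in head):
        return {"format": "text"}
    return {"format": "unknown"}

# Constructed sample: little-endian pcap 2.4 header, snaplen 65535, Ethernet (1).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
# Constructed sample: one line in the printed layout quoted in the question.
SAMPLE_TEXT = b"12:21:39.000000 10.0.0.1.1025 > 10.0.0.2.80: S 1:1(0) win 8192\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(inspect_capture(fh.read(256)))
    else:
        print(inspect_capture(SAMPLE_PCAP))
        print(inspect_capture(SAMPLE_TEXT))
```

A file that classifies as `text` here is printed output rather than a capture and has to be obtained again as a raw savefile.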
