Reading _all_ packets

Mike Muratet mike.muratet at
Thu May 27 09:27:06 PDT 2004


I am trying to use bro to read tcpdump files for the purposes of
characterizing network traffic (not just that which is directed to the
host). It has a more consistent output format than tcpdump, I'm going to
want to do some filtering at some point, and it might be easier than trying
to write my own routines from libpcap (maybe). The documentation is robust,
which is a 'good news'/'bad news' situation. Is there a simple explanation
for how to make bro report _everything_?



