Reading _all_ packets

Mike Muratet mike.muratet at
Thu May 27 15:38:21 PDT 2004

> > for how to make bro report _everything_?
> What exactly do you mean by "everything"? As you compare Bro to
> tcpdump it sounds like you would like to see every packet. That does
> not really fit into Bro's connection-oriented model. Do you know
> ipsumdump[1]? Perhaps that could be more appropiate here?

It will be more appropriate.



More information about the Bro mailing list