[Bro] tcpdump -w

Angelita de Cássia Corrêa angelita at uol.com.br
Wed Jun 15 07:39:12 PDT 2005


I tried to test the tcpdump -w, following the steps bellow:

Bro can also be run on tcpdump -w files instead of on live traffic. To do this, you must set a BROPATH enviroment variable to point at your set of policy scripts. For example: 
     setenv BROHOME /usr/local/bro
     setenv BROPATH $BROHOME/policy:$BROHOME/site
     bro -r dumpfile brohost

I used those commands: 


When I tried this command: "bro -r /home/xxxx/tcpdump.teste scan" , I received this message: 
line 1: error: can't open bro.init

What can I do to resolve this problem?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20050615/d2edfdaa/attachment.html 

More information about the Bro mailing list