[Bro] tcpdump -w
Angelita de Cássia Corrêa
angelita at uol.com.br
Wed Jun 15 07:39:12 PDT 2005
I tried to test the tcpdump -w, following the steps bellow:
Bro can also be run on tcpdump -w files instead of on live traffic. To do this, you must set a BROPATH enviroment variable to point at your set of policy scripts. For example:
setenv BROHOME /usr/local/bro
setenv BROPATH $BROHOME/policy:$BROHOME/site
bro -r dumpfile brohost
I used those commands:
When I tried this command: "bro -r /home/xxxx/tcpdump.teste scan" , I received this message:
line 1: error: can't open bro.init
What can I do to resolve this problem?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro