[Bro] tcpdump -w

Christian Kreibich christian at whoop.org
Thu Jun 16 11:15:26 PDT 2005

On Thu, 2005-06-16 at 11:35 -0300, Angelita de Cássia Corrêa wrote:
> Thanks, I put the two lines in .bash_profile:
> export BROHOME=/usr/local/bro
> export BROPATH=/usr/local/bro/policy:/usr/local/bro/site
> Now, when I run this command to test:   /usr/local/bro/bin/bro -r
> /home/angelita/test.trace scan
> I received this message: /usr/local/bro/bin/bro: problem with trace file
> /home/angelita/test.trace - fread: Inappropriate ioctl for device

I believe that's a pcap error message passed to Bro, and I seem to
recall seeing that error message when the trace file you're passing is
empty. Could that be possible? In any case, you want that file to be a
pcap trace file, typically generated using tcpdump -w.
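
Added example, not part of the original message and not Bro's own code: a pre-flight check to run on a trace file before passing it to bro -r, which tells the empty-file case mentioned above apart from a file that is not a classic pcap trace. The function name check_trace and the SAMPLE bytes are constructed for illustration.

```python
import struct
import sys

GLOBAL_HDR = 24   # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = 16   # ts_sec, ts_frac, incl_len, orig_len
MAGICS = {        # first four bytes on disk -> (struct byte order, timestamp unit)
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"
# Constructed sample: little-endian header (v2.4, Ethernet), no packets
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)


def check_trace(data: bytes) -> dict:
    """Classify raw trace-file bytes and count complete packet records."""
    if len(data) == 0:
        return {"status": "empty"}
    if data[:4] == PCAPNG_MAGIC:
        return {"status": "pcapng"}  # different container, not parsed here
    if data[:4] not in MAGICS:
        return {"status": "not-pcap"}
    if len(data) < GLOBAL_HDR:
        return {"status": "truncated-header"}
    endian, resolution = MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:GLOBAL_HDR])
    packets, offset, truncated = 0, GLOBAL_HDR, False
    while offset < len(data):
        if offset + RECORD_HDR > len(data):
            truncated = True  # partial record header at end of file
            break
        incl_len = struct.unpack(endian + "IIII",
                                 data[offset:offset + RECORD_HDR])[2]
        if offset + RECORD_HDR + incl_len > len(data):
            truncated = True  # packet bytes cut short
            break
        packets += 1
        offset += RECORD_HDR + incl_len
    return {"status": "ok", "version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "resolution": resolution,
            "packets": packets, "truncated": truncated}


if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(check_trace(raw))
```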


