[Bro] tcpdump -w

Christian Kreibich christian at whoop.org
Thu Jun 16 14:02:05 PDT 2005

On Thu, 2005-06-16 at 16:46 -0300, Angelita de Cássia Corrêa wrote:
> I tested tcpdump -w only as a test, but I will run Bro on live traffic.
> Do I need to edit some policy files, like scan.bro, tcp.bro or other
> files?

No, it doesn't matter to the policy scripts whether the traffic comes
from trace files or a live network. The only difference is in the way
you start Bro (-i vs -r).

