[Bro] Bro on other Packet Trace Dumps.
goeldich at ee.ethz.ch
Tue Mar 22 04:54:56 PST 2005
> Page 9 of the reference manual appears to bea list figures and tables.
> I tried to run
> > bro -r example.trace brolite
> and it should work if I had a tcpdump file. Unfortunately my trace
> file are not in tcpdump format.
i'm not sure, but i think that tcpdump is the only format at the moment which
can be read by bro.
what format do you have? maybe there is a converter around...
> On page 18 of the Bro user manual, the following command was suggested
> for use with a tcpdump file.
> > bro -r dumpfile brohost
i meant page 17 of the pdf file which is page number 9 in the reference manual.
(see the number in the right upper corner)
by the way if you have installed bro with the commands "./configure", "make",
"make install" and "make install-brolite" or similar you can start it with the
> bro -r dumpfile brolite
you have to replace the word "brohost" in the command with the name of the
policy file you want to load.
read more of it in the user and quick start manuals...
> On Sat, 19 Mar 2005 14:11:36 +0100, Christoph Göldi <goeldich at ee.ethz.ch>
> > hi
> > if you have tcpdump files, you can easily do this with the -r flag:
> > > bro -r example.trace brolite
> > see page 9 and the following in the reference manual.
> > have fun
> > christoph
> > --On Samstag, 19. März 2005 14:31 +1100 Dana Zhang <berry1.0 at gmail.com>
> > wrote:
> > > Hi, I'm new to bro and what I would like to do is run bro on 38 hours
> > > of packet traces that I've aquired from another website.
> > > Is there any simple way to do this?
> > > I'm a bit confused as how to do this because I don't want to monitor
> > > the traffic of my own website/network but analyse data that I
> > > extracted from another source.
> > > _______________________________________________
> > > Bro mailing list
> > > bro at bro-ids.org
> > > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro