[Bro] Bro on other Packet Trace Dumps.

Dana Zhang berry1.0 at gmail.com
Mon Mar 28 00:35:10 PST 2005

Hi Chris,

> I'm not sure, but I think that tcpdump is the only format at the moment which
> can be read by bro.
> What format do you have? Maybe there is a converter around...

The current format of my data is just packet headers in binary. I
tried to convert to tcpdump format myself. Can I confirm that tcpdump
format for TCP connections is:
src > dst: flags data-seqno ack window urgent options

I'm only working with TCP packets.
A couple of examples of my packets are as follows:

    > . 17193851:17193851(0) ack 1278587442 win 8623
    > P 22414518:22415922(1404) ack 20496183 win 8474
    > S 2222637079:2222637079(0) win 32696 urg 0
    > . 868560419:868561879(1460) ack 1691568355 win 61320

However, when I run this file with bro using
> bro -r dumpfile brolite
I receive the error "problem with trace file dumpfile - bad dump file format".

Is there something I missed?
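Added example, not part of the original message: the `src > dst: flags ...` line is what tcpdump prints, while a trace file read with `-r` is a binary libpcap savefile (a 24-byte global header, then a 16-byte record header before each captured frame). The sketch below writes the first two packets quoted above into that layout; the addresses, ports, timestamps and zeroed MAC addresses are constructed, since the message does not give them.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4      # libpcap savefile magic, microsecond timestamps
LINKTYPE_ETHERNET = 1

def ip_checksum(hdr: bytes) -> int:
    """One's-complement sum over the ten 16-bit words of a 20-byte IPv4 header."""
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def global_header(snaplen: int = 65535) -> bytes:
    # magic, version 2.4, thiszone, sigfigs, snaplen, link type
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)

def tcp_record(ts, src, dst, sport, dport, seq, ack, flags, win, payload_len):
    """One pcap record holding Ethernet + IPv4 + TCP headers only (no payload bytes)."""
    eth = bytes(12) + b"\x08\x00"             # zeroed MACs (constructed), EtherType IPv4
    total = 20 + 20 + payload_len             # IP total length still counts the payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    # TCP checksum stays 0: it cannot be computed without the payload bytes
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, win, 0, 0)
    frame = eth + ip + tcp
    sec, usec = int(ts), int((ts % 1) * 1_000_000)
    # incl_len = bytes stored in the file, orig_len = length on the wire
    rec = struct.pack("<IIII", sec, usec, len(frame), len(frame) + payload_len)
    return rec + frame

def build_trace() -> bytes:
    # (timestamp, TCP flags, seq, ack, win, payload length); seq/ack/win from the post
    pkts = [
        (1.0, 0x10, 17193851, 1278587442, 8623, 0),      # ". ... ack"  -> ACK
        (1.5, 0x18, 22414518, 20496183, 8474, 1404),     # "P ... ack"  -> PSH|ACK
    ]
    out = global_header()
    for ts, flags, seq, ack, win, plen in pkts:
        out += tcp_record(ts, [192, 0, 2, 1], [198, 51, 100, 2],   # constructed addresses
                          40000, 80, seq, ack, flags, win, plen)   # constructed ports
    return out

if __name__ == "__main__":
    with open("dumpfile", "wb") as f:
        f.write(build_trace())
```

Because only headers are stored, each record's captured length is 54 bytes while the original length also counts the payload, which is how a headers-only capture is represented in this format.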
