[Bro] can't get the http analyzer to print anything

Vern Paxson vern at icir.org
Wed Aug 2 15:58:04 PDT 2006


>  % bro -r trace_incl-http.pcap http

Confusingly, you need to use 

	% bro -r trace_incl-http.pcap http-request

to see requests or

	% bro -r trace_incl-http.pcap http-reply

to see requests & replies.

You're not the first person to find this confusing, so I think for 1.2 we
should change the scripts around so just using http pulls in full analysis.

		Vern



More information about the Bro mailing list