[Bro] Applying Bro on offline captured traffic?

Vern Paxson vern at icir.org
Sun Sep 13 10:14:43 PDT 2009


> Is it possible to apply Bro on offline traffic?

Sure, use bro -r tracefile.  For most forms of analysis it needs to have
the whole payload (via tcpdump -s0), but it sounds like you indeed have that.

		Vern