[Bro] bro protocol detection from pcap

Oguz Yarimtepe oguzyarimtepe at gmail.com
Thu Apr 19 07:01:13 PDT 2012


On Thu, 19 Apr 2012 08:55:09 -0400
Seth Hall <seth at icir.org> wrote:

> Your tracefile has bad checksums.  Either fix the checksums or use the -C command line flag to ignore checksums.
> > # bro -p broctl -p broctl-live -p standalone -p local -p bro -r 213.pcap

-C is what I was looking for. Thank you.

> You can leave out most of this command line.  This should work fine:
> bro -r 213.pcap 
> BroControl runs with all of those extra args to add various functionality that you don't need to worry about when you're just looking to analyze a tracefile.

-r pcap_file worked fine.

Oguz Yarimtepe <oguzyarimtepe at gmail.com>
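
Added example, not part of the original message or of the Bro project: a stdlib-only Python check that counts IPv4 headers with failing checksums in a classic pcap file with Ethernet framing, to confirm a tracefile is in the state described above before running with -C. The function names and the two-packet capture are constructed for illustration, and only IPv4 header checksums are verified (not TCP/UDP).

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def count_bad_ipv4_checksums(pcap: bytes):
    """Return (ipv4_packets, bad_header_checksums) for a classic pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"                      # file written little-endian
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"                      # file written big-endian
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    offset, seen, bad = 24, 0, 0
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[offset + 8:offset + 12])[0]
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # truncated or not IPv4
        ihl = (frame[14] & 0x0F) * 4
        if ihl < 20 or len(frame) < 14 + ihl:
            continue
        seen += 1
        # A correct header, checksum field included, sums to zero.
        bad += inet_checksum(frame[14:14 + ihl]) != 0
    return seen, bad

def sample_pcap() -> bytes:
    """Constructed capture: one valid IPv4 header, one with a zeroed checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, 0, 64, 6, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    good = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    eth = b"\x02" * 12 + b"\x08\x00"      # constructed MACs, IPv4 ethertype
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ip in (good, hdr):
        frame = eth + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    seen, bad = count_bad_ipv4_checksums(sample_pcap())
    print(f"{bad} of {seen} IPv4 headers fail checksum verification")
```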
