[Bro] bro protocol detection from pcap
oguzyarimtepe at gmail.com
Thu Apr 19 07:01:13 PDT 2012
On Thu, 19 Apr 2012 08:55:09 -0400
Seth Hall <seth at icir.org> wrote:
> Your tracefile has bad checksums. Either fix the checksums or use the -C command line flag to ignore checksums.
> > # bro -p broctl -p broctl-live -p standalone -p local -p bro -r 213.pcap
-C is what I was looking for. Thank you.
> You can leave out most of this command line. This should work fine:
> bro -r 213.pcap
> BroControl runs with all of those extra args to add various functionality that you don't need to worry about when you're just looking to analyze a tracefile.
-r pcap_file worked fine.
Oguz Yarimtepe <oguzyarimtepe at gmail.com>