[Bro] How should Bro to read wireshark trace file

Seth Hall seth at icir.org
Tue Mar 27 06:05:33 PDT 2012

On Mar 27, 2012, at 4:42 AM, Qinwen Hu wrote:

> Does anyone know how to solve this problem?

You need to supply the pcap formatted trace file with the "-r" flag.  

	bro -r alert1 local


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
