[Bro] saving the binary information at pcap

Oguz Yarimtepe oguzyarimtepe at gmail.com
Wed May 16 13:14:03 PDT 2012


I set the default_extract variable as

const default_extract = T &redef;

in the contents.bro script to get the dat files including TCP reassembly contents. Is there a way on the Python binding side so that I can save the binaries as separate files in the created files? The dat files include many responses. I can read the file and try to parse the content out of it by looking at the orig file. But maybe there is a better way on the binding side.


Oguz Yarimtepe <oguzyarimtepe at gmail.com>
