[Bro] Tracking PCAP file sources?
jdvessey at gmail.com
Fri Oct 28 05:57:23 PDT 2016
I've tried to find this in the docs and even tried exploring source code.
This use case is more around after the fact network forensics, when working
with PCAP files.
If I have a bunch of pcaps, and I run bro like:
$ bro -r input1.pcap -r input2.pcap -r input3.pcap
Is there some way to associate bro's connection IDs back to contributing
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro