[Bro] Newbie at bro, some questions

erik clark philosnef at gmail.com
Tue Sep 27 07:05:58 PDT 2016

Just point a free scan engine like Nessus at a site running a web server
and run tcpdump locally on that box, or just have bro listen off a tap port
that the web server runs through.

I am really not understanding why pcap files are referred to as traces,
since its just pcap. Anyway, just run tcpdump on your webserver, point
Metasploit or Nessus at it, and then read that traffic into bro elsewhere.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160927/4bcf94da/attachment-0001.html 

More information about the Bro mailing list