[Bro] broctl write output pcap

Johanna Amann johanna at icir.org
Wed Apr 5 09:46:07 PDT 2017


Hi,

In theory, you can pass arbitrary flags to Bro when it is called by
broctl, by setting BroArgs in broctl.cfg (see
https://www.bro.org/sphinx/components/broctl/README.html).

Note that writing pcap files with Bro has a few problems at the moment (I
think); I think it might corrupt packages under some circumstances. It
certainly is not a widely used feature and receives no testing at all.

Johanna

On Wed, Mar 15, 2017 at 12:00:35PM +0200, Alex Kefallonitis wrote:
> I know that I can run bro -i eth0 -w .pcap . Is there a way for broctl to also
> write to a pcap file?
