[Bro] Reading encrypted pcap with Bro

Josh Guild josh.guild at morphick.com
Sat Aug 12 11:58:54 PDT 2017

Hi all,

Hoping to find some more uplifting answers here than I found with my Google
searches. I have an encrypted pcap and the key but there doesn't seem to be
a way to save of the plaintext pcap with tshark.

Where Bro comes in - I need to carve some files out that are chunked as
octet streams and would really rather not have to write a tshark script for

However Bro needs the decrypted pcap to carve for me :(

Any assistance or points in the right direction would be awesome, thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170812/f50ecc27/attachment.html 

More information about the Bro mailing list