[Bro] Reading encrypted pcap with Bro
josh.guild at morphick.com
Sat Aug 12 11:58:54 PDT 2017
Hoping to find some more uplifting answers here than I found with my Google
searches. I have an encrypted pcap and the key but there doesn't seem to be
a way to save of the plaintext pcap with tshark.
Where Bro comes in - I need to carve some files out that are chunked as
octet streams and would really rather not have to write a tshark script for
However Bro needs the decrypted pcap to carve for me :(
Any assistance or points in the right direction would be awesome, thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro