[Bro] ActiveHTTP

Jan Grashöfer jan.grashoefer at gmail.com
Mon Jan 30 11:02:13 PST 2017

> Ok, scratch that error message. The box I was testing on didn’t have curl installed. After installing curl the test script has the same behavior as when run on OS X. Work great by itself but hangs before the when{} block if passed a PCAP.

bro --pseudo-realtime -r
Mswab_Yayih_FD1BE09E499E8E380424B3835FC973A8_2012-03.pcap b.bro

works for me. Takes about one and a half minute (the PCAP covers ~5mins)
to spit out the result.


More information about the Bro mailing list