[Bro] HELP? bro-pkg hosom/file-extraction to write files when reading pcaps
Hosom, Stephen M
hosom at battelle.org
Fri Nov 10 10:24:44 PST 2017
When you run Bro against a pcap, the easiest thing to do is use the default plugin(s) for file extraction...
The command I use for ad-hoc extraction from pcaps that I am working is:
bro -r foo.pcap ./file-extraction/plugins/extract-all-files.bro
Be careful when using that to read packet captures that are large.
From: bro-bounces at bro.org <bro-bounces at bro.org> on behalf of Ludwig Goon <lagoon7 at gmail.com>
Sent: Thursday, November 9, 2017 8:02:30 PM
To: bro at bro.org
Subject: [Bro] HELP? bro-pkg hosom/file-extraction to write files when reading pcaps
Wanted to post this to the bro community.
I am trying to use the hosom/file-extraction plugin; however, I can't get it to create a directory like ./extracted-files to put them in when I am reading a pcap file. Does anyone in the bro community have any insight on how to do this?
I am using bro 2.5.1 and the current github version of bro.
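
Added example, not part of the original thread or of the file-extraction package: a wrapper around the ad-hoc command from the reply that refuses oversized captures and runs Bro inside a dedicated output directory, then hashes whatever was extracted. BRO_BIN, EXTRACT_SCRIPT, MAX_PCAP_MB (an arbitrary 500 MB default) and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: BRO_BIN, EXTRACT_SCRIPT,
# MAX_PCAP_MB (arbitrary threshold), abs_path and extract_from_pcap.
BRO_BIN="${BRO_BIN:-bro}"
EXTRACT_SCRIPT="${EXTRACT_SCRIPT:-./file-extraction/plugins/extract-all-files.bro}"
MAX_PCAP_MB="${MAX_PCAP_MB:-500}"

abs_path() {  # absolute path of an existing file
    printf '%s/%s\n' "$(cd "$(dirname "$1")" && pwd)" "$(basename "$1")"
}

extract_from_pcap() {
    pcap="$1"; outdir="$2"
    [ -r "$pcap" ] || { echo "cannot read pcap: $pcap" >&2; return 2; }
    [ -r "$EXTRACT_SCRIPT" ] || { echo "no script: $EXTRACT_SCRIPT" >&2; return 2; }

    # Size guard: extracting every file from a large capture can fill the disk.
    size_mb=$(( ($(wc -c < "$pcap") + 1048575) / 1048576 ))
    if [ "$size_mb" -gt "$MAX_PCAP_MB" ]; then
        echo "pcap is ${size_mb} MB (limit ${MAX_PCAP_MB}); raise MAX_PCAP_MB" >&2
        return 3
    fi

    # Resolve inputs first, because the run happens from inside $outdir.
    pcap_abs=$(abs_path "$pcap")
    script_abs=$(abs_path "$EXTRACT_SCRIPT")
    mkdir -p "$outdir" || return 2

    # Bro writes its logs relative to the current directory, and its stock
    # extraction prefix is ./extract_files/, so everything lands in $outdir.
    ( cd "$outdir" && "$BRO_BIN" -r "$pcap_abs" "$script_abs" ) || return 4

    # Inventory: hash every non-log file the run produced.
    ( cd "$outdir" && find . -type f ! -name '*.log' -exec sha256sum {} + )
}

# Usage: sh extract.sh foo.pcap ./case-001
if [ "$#" -eq 2 ]; then extract_from_pcap "$1" "$2"; fi
```

Treat the extracted files as untrusted content: hash and triage them, and open them only in an isolated analysis environment.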