Reading _all_ packets
Robin Sommer
sommer at in.tum.de
Thu May 27 10:11:10 PDT 2004
On Thu, May 27, 2004 at 11:27 -0500, Mike Muratet wrote:
> for how to make bro report _everything_?
What exactly do you mean by "everything"? As you compare Bro to
tcpdump it sounds like you would like to see every packet. That does
not really fit into Bro's connection-oriented model. Do you know
ipsumdump[1]? Perhaps that could be more appropiate here?
Robin
[1] http://www.icir.org/kohler/ipsumdump/
--
Robin Sommer * Room 01.08.055 * www.net.in.tum.de
TU Muenchen * Phone (089) 289-18006 * sommer at in.tum.de
More information about the Bro
mailing list