Reading _all_ packets

Mike Muratet mike.muratet at torchtechnologies.com
Thu May 27 15:38:21 PDT 2004

Previous message: Reading _all_ packets
Next message: Fw: snort rules
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> 
> > for how to make bro report _everything_?
> 
> What exactly do you mean by "everything"? As you compare Bro to
> tcpdump it sounds like you would like to see every packet. That does
> not really fit into Bro's connection-oriented model. Do you know
> ipsumdump[1]? Perhaps that could be more appropiate here?
> 
Robin

It will be more appropriate.

Thanks

Mike

Previous message: Reading _all_ packets
Next message: Fw: snort rules
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Bro mailing list