[Bro] tcpdump -w
Christian Kreibich
christian at whoop.org
Thu Jun 16 14:02:05 PDT 2005
On Thu, 2005-06-16 at 16:46 -0300, Angelita de Cássia Corrêa wrote:
> I test the tcpdump -w only to test, but I will run Bro on live traffic.
>
> Do I need to edit some policy files, like scan.bro, tcp.bro or other
> files?
No, it doesn't matter to the policy scripts whether the traffic comes
from trace files or a live network. The only difference is in the way
you start Bro (-i vs -r).
Cheers,
Christian.
--
________________________________________________________________________
http://www.cl.cam.ac.uk/~cpk25
http://www.whoop.org