[Bro] Bro on other Packet Trace Dumps.

Dana Zhang berry1.0 at gmail.com
Mon Mar 28 01:58:08 PST 2005


On Mon, 28 Mar 2005 10:40:48 +0100, Jonathan Paisley
<jp-www at dcs.gla.ac.uk> wrote:
> 
> On 28 Mar 2005, at 9:59, Dana Zhang wrote:
> 
> > My packets were captured using a DAG2 system. Traces are in DAG
> > format, which is a fixed 64-byte record format with 40 bytes of IP
> > header. I extracted from my binary to make it look like a tcpdump
> > file.
> 
> You can probably use Endace's 'dagconvert' utility to convert from the
> DAG format to pcap format.
> 
> pcap format /is/ the tcpdump binary format. You get this if you use the
> '-w file' option to tcpdump. Otherwise, it just outputs a textual
> description of the packets.
> 
> 

I thought I was recreating the textual output that tcpdump would
create. I don't understand why Bro is telling me there is something
wrong with my tcpdump imitation trace file.

What exactly should my packet trace file look like? I'm starting to
get confused as to what Bro accepts.
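For reference, this is what a pcap savefile (the binary format written by "tcpdump -w file") looks like on disk. It is an added example, not code from the thread or from Bro: it builds a minimal pcap in memory from a constructed raw IPv4 header and parses it back with the same sanity checks a pcap reader applies, so a hand-converted trace can be checked before feeding it to Bro. The linktype values and the sample header bytes are constructed for illustration.

```python
import struct

# libpcap savefile layout: 24-byte global header, then 16-byte record header + packet bytes.
PCAP_MAGIC = 0xa1b2c3d4
LINKTYPE_ETHERNET = 1
LINKTYPE_RAW_IP = 101   # records start directly with the IP header (no link layer)

def pcap_global_header(snaplen=65535, linktype=LINKTYPE_ETHERNET):
    # magic, version 2.4, thiszone, sigfigs, snaplen, linktype (host byte order)
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)

def pcap_record(ts_sec, ts_usec, data, orig_len=None):
    # ts_sec, ts_usec, incl_len (bytes saved), orig_len (bytes on the wire)
    orig_len = len(data) if orig_len is None else orig_len
    return struct.pack("<IIII", ts_sec, ts_usec, len(data), orig_len) + data

def parse_pcap(blob):
    """Return (linktype, [(ts_sec, ts_usec, packet_bytes), ...]) or raise ValueError."""
    if len(blob) < 24:
        raise ValueError("shorter than a pcap global header")
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == PCAP_MAGIC:
        e = "<"
    elif magic == 0xd4c3b2a1:          # same magic, written by a big-endian host
        e = ">"
    else:
        raise ValueError("bad magic 0x%08x: not a pcap file (textual tcpdump output?)" % magic)
    _, major, minor, _, _, snaplen, linktype = struct.unpack(e + "IHHiIII", blob[:24])
    if (major, minor) != (2, 4):
        raise ValueError("unexpected pcap version %d.%d" % (major, minor))
    records, off = [], 24
    while off < len(blob):
        if len(blob) - off < 16:
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(e + "IIII", blob[off:off + 16])
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError("bad record length at offset %d" % off)
        off += 16
        if len(blob) - off < incl_len:
            raise ValueError("truncated packet data at offset %d" % off)
        records.append((ts_sec, ts_usec, blob[off:off + incl_len]))
        off += incl_len
    return linktype, records

def build_sample():
    # Constructed sample: one 20-byte IPv4 header (10.0.0.1 -> 10.0.0.2, proto TCP),
    # stored as a raw-IP record with a 40-byte snaplen, like a DAG-style capture.
    ip_hdr = bytes.fromhex("45000014000100004006000a0a0000010a000002")
    return pcap_global_header(40, LINKTYPE_RAW_IP) + pcap_record(1111929848, 0, ip_hdr)
```

The text tcpdump prints to the terminal has no such header, which is why a file built from it is rejected.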


