[Bro] Capturing the raw trace...
Randolph Reitz
rreitz at fnal.gov
Wed Oct 10 08:53:04 PDT 2007
OK, so I understand that to really debug BRO one needs tcpdump stuff
rather than BRO's connection records.
Discussing how to get a continuous supply of tcpdump stuff, Tim Rupp
and I have come up with this idea ...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: picture.jpg
Type: image/jpeg
Size: 18751 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20071010/f8cd8231/attachment.jpg
-------------- next part --------------
Before we go off and invent the above, I'm asking if this already
exists? Does BRO have some secret way of preserving the libpcap
output (er, the BRO input)?
Thanks,
Randy