[Bro] Capturing the raw trace...

Randolph Reitz rreitz at fnal.gov
Wed Oct 10 08:53:04 PDT 2007


OK, so I understand that to really debug BRO one needs tcpdump stuff  
rather than BRO's connection records.

Discussing how to get a continuous supply of tcpdump stuff, Tim Rupp
and I have come up with this idea ...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: picture.jpg
Type: image/jpeg
Size: 18751 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20071010/f8cd8231/attachment.jpg 
-------------- next part --------------
Before we go off and invent the above, I'm asking if this already  
exists?  Does BRO have some secret way of preserving the libpcap  
output (er, the BRO input)?

Thanks,
Randy


