On Nov 2, 2009, at 8:33 AM, antonionestola_ at libero.it wrote: > Hi,I have a stupid question:Can I do an offline-analysis with Bro of > a trace file in pcap form?thank you.. The Bro binary has the "-r" option similar to tcpdump for reading in pcap formatted tracefiles. .Seth --- Seth Hall Network Security - Office of the CIO The Ohio State University Phone: 614-292-9721