[Bro] store all packet
jean-philippe luiggi
jean-philippe.luiggi at didconcept.com
Fri Apr 30 08:25:03 PDT 2010
Hello,
Yes, you just have to use 'tcpdump -w <filename> <some filter>'
Example: tcpdump -i eth0 -w /tmp/tcpdump.cap port 80
Cheers,
Jean-Philippe.
* lzqsist at 163.com <lzqsist at 163.com> [2010-04-30 20:22:34 +0800]:
> Can I use tcpdump to save network packets directly to hard disk, just like DMA?
> --
> lzqsist
>
> On 2010-04-30 20:17:04, "jean-philippe luiggi" <jean-philippe.luiggi at didconcept.com> wrote:
> >Hello,
> >
> >I'm not sure what you want exactly, but I assume you're talking about
> >network packets?
> >
> >If so, you have to run something like "tcpdump -w ..." instead of "bro".
> >
> >Cheers,
> >
> >Jean-Philippe.
> >
> >
> >
> >* lzqsist <lzqsist at 163.com> [2010-04-30 17:45:06 +0800]:
> >
> >> Hi, all. How to store all packets directly to the hard disk using bro-1.5?
> >>
> >> _______________________________________________
> >> Bro mailing list
> >> bro at bro-ids.org
> >> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro