[Bro] Capture bulk traces with Bro.

Shannon Roddy sroddy at ligo-la.caltech.edu
Thu Feb 11 13:14:56 PST 2010


Seth Hall wrote:
> On Feb 11, 2010, at 10:43 AM, Luca Renaud wrote:
> 
>> I have read some of Bro's docs, and a script named start-capture-all
>> is pointed to as a method to help capture
>> bulk traces with Bro. However, that script is not present in the Bro-1.5.1
>> distribution as far as I know. So, was the function
>> it was supposed to perform transferred to broctl?
>> Right now, what is the better method to capture bulk traces for
>> offline analysis (not using tcpdump), just
>> using Bro?
> 
> 
> There is a command line argument for it...
>      -w|--writefile <writefile>     | write to given tcpdump file
> 
> Why are you interested in using Bro for capturing your bulk traces?   
> It seems like it would make more sense to stick with something like  
> Time Machine[1], tcpdump, or DaemonLogger[2].

tshark is also useful for captures...

http://www.wireshark.org/docs/man-pages/tshark.html

> 
>    .Seth
> 
> 1. http://www.net.t-labs.tu-berlin.de/research/tm/
> 2. http://www.snort.org/users/roesch/Site/Daemonlogger/Daemonlogger.html
> 
> ---
> Seth Hall
> Network Security - Office of the CIO
> The Ohio State University
> Phone: 614-292-9721
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
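
Added example, not part of this thread and not Bro's own code: every tool named above (bro -w, tcpdump -w, tshark -w, daemonlogger) writes the same classic libpcap "tcpdump file" format, and before replaying a bulk trace into Bro for offline analysis (bro -r) it is worth a quick structural check: link type, snaplen, how many packets were cut at the snaplen, and whether timestamps run backwards. The writer, reader and checker below are the editor's code; the frames and timestamps are constructed, and only the classic pcap layout is handled (pcapng is not).

```python
"""Write and sanity-check tcpdump-format (classic libpcap) trace files.

Editor's example, not code from the Bro project. Frames below are constructed.
"""
import os
import struct
import tempfile
from typing import Dict, List, Tuple

PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic libpcap, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D   # nanosecond-timestamp variant
LINKTYPE_ETHERNET = 1
GLOBAL_HDR = "IHHiIII"          # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"             # ts_sec, ts_frac, incl_len, orig_len


def write_pcap(path: str, packets: List[Tuple[float, bytes]],
               snaplen: int = 65535, linktype: int = LINKTYPE_ETHERNET) -> int:
    """Write (timestamp, frame) pairs as a little-endian pcap; return records written."""
    with open(path, "wb") as f:
        f.write(struct.pack("<" + GLOBAL_HDR, PCAP_MAGIC_USEC, 2, 4, 0, 0, snaplen, linktype))
        for ts, frame in packets:
            sec = int(ts)
            usec = int(round((ts - sec) * 1_000_000))
            incl = min(len(frame), snaplen)          # capture tools cut frames at snaplen
            f.write(struct.pack("<" + RECORD_HDR, sec, usec, incl, len(frame)))
            f.write(frame[:incl])
    return len(packets)


def read_pcap(path: str) -> Tuple[Dict[str, int], List[Tuple[float, int, bytes]]]:
    """Return (header, [(timestamp, orig_len, data), ...]); both byte orders and
    both timestamp resolutions are accepted. Raises ValueError on a malformed file."""
    with open(path, "rb") as f:
        raw = f.read(24)
        if len(raw) != 24:
            raise ValueError("truncated global header")
        magic_le = struct.unpack("<I", raw[:4])[0]
        if magic_le == PCAP_MAGIC_USEC:
            order, frac = "<", 1_000_000
        elif magic_le == PCAP_MAGIC_NSEC:
            order, frac = "<", 1_000_000_000
        elif magic_le == 0xD4C3B2A1:                  # PCAP_MAGIC_USEC, big-endian writer
            order, frac = ">", 1_000_000
        elif magic_le == 0x4D3CB2A1:                  # PCAP_MAGIC_NSEC, big-endian writer
            order, frac = ">", 1_000_000_000
        else:
            raise ValueError("not a classic pcap file (magic 0x%08x)" % magic_le)
        _, major, minor, _, _, snaplen, linktype = struct.unpack(order + GLOBAL_HDR, raw)
        header = {"major": major, "minor": minor, "snaplen": snaplen, "linktype": linktype}
        records = []
        while True:
            rec = f.read(16)
            if not rec:
                break
            if len(rec) != 16:
                raise ValueError("truncated record header at record %d" % len(records))
            sec, sub, incl_len, orig_len = struct.unpack(order + RECORD_HDR, rec)
            if incl_len > snaplen or incl_len > orig_len:
                raise ValueError("record %d: incl_len %d exceeds snaplen or orig_len"
                                 % (len(records), incl_len))
            data = f.read(incl_len)
            if len(data) != incl_len:
                raise ValueError("truncated packet data at record %d" % len(records))
            records.append((sec + sub / frac, orig_len, data))
    return header, records


def check_trace(path: str) -> Dict[str, int]:
    """Pre-flight summary of a trace: counts, bytes, snaplen truncation, ordering."""
    header, records = read_pcap(path)
    summary = {"linktype": header["linktype"], "snaplen": header["snaplen"],
               "packets": len(records), "bytes_captured": 0, "bytes_on_wire": 0,
               "truncated_packets": 0, "out_of_order": 0}
    last_ts = None
    for ts, orig_len, data in records:
        summary["bytes_captured"] += len(data)
        summary["bytes_on_wire"] += orig_len
        if len(data) < orig_len:                      # cut at snaplen: payload is incomplete
            summary["truncated_packets"] += 1
        if last_ts is not None and ts < last_ts:      # replay tools assume monotonic time
            summary["out_of_order"] += 1
        last_ts = ts
    return summary


def sample_packets() -> List[Tuple[float, bytes]]:
    """Constructed frames (not real traffic): Ethernet II header + filler; the third
    is 200 bytes so it is cut when written with a 96-byte snaplen."""
    eth = bytes.fromhex("0011223344550066778899aa0800")   # dst MAC, src MAC, IPv4 ethertype
    return [
        (1265922896.000100, eth + b"\x45" + b"\x00" * 59),    # 74 bytes
        (1265922896.000350, eth + b"\x45" + b"\x00" * 59),    # 74 bytes
        (1265922896.002000, eth + b"\x45" + b"\x00" * 185),   # 200 bytes
    ]


def roundtrip_demo(snaplen: int = 96) -> Dict[str, int]:
    """Write the sample frames to a temporary pcap and return check_trace() on it."""
    fd, path = tempfile.mkstemp(suffix=".pcap")
    os.close(fd)
    try:
        write_pcap(path, sample_packets(), snaplen=snaplen)
        return check_trace(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(roundtrip_demo())
```

Run check_trace() on each file a capture tool produced; a non-zero truncated_packets count means the snaplen was too small for full-payload analysis, and a non-zero out_of_order count means the file should be time-sorted before replay.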