[Bro] How should Bro to read wireshark trace file

Seth Hall seth at icir.org
Tue Mar 27 06:05:33 PDT 2012

Previous message: [Bro] How should Bro to read wireshark trace file
Next message: [Bro] Blacklist querying using Bro script
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mar 27, 2012, at 4:42 AM, Qinwen Hu wrote:

> is anyone know how to solve this problem?

You need to supply the pcap formatted trace file with the "-r" flag.  

	bro -r alert1 local

  .Seth


--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/

Previous message: [Bro] How should Bro to read wireshark trace file
Next message: [Bro] Blacklist querying using Bro script
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Bro mailing list