[Bro] saving raw packet payload to text file

Seth Hall seth at icir.org
Wed Jun 17 22:12:08 PDT 2015


> On Jun 6, 2015, at 5:03 PM, Fateme Eskandari <f.eskandary2009 at gmail.com> wrote:
> 
> I have a pcap file that contains data about some protocols. I want to have a text file for every protocol from my pcap file that contains all raws of packet payload in ASCII format. Just like this:
> Which command could I use?

redef Conn::default_extract=T;

That will create a directory named “contents” in your CWD and fill it with files containing the data you want.  One difference is that Bro writes each flow to a separate file so a connection would write out two files.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
