[Bro] Newbie at bro, some questions

erik clark philosnef at gmail.com
Tue Sep 27 07:05:58 PDT 2016


Just point a free scan engine like Nessus at a site running a web server
and run tcpdump locally on that box, or just have bro listen off a tap port
that the web server runs through.

I am really not understanding why pcap files are referred to as traces,
since it's just pcap. Anyway, just run tcpdump on your webserver, point
Metasploit or Nessus at it, and then read that traffic into bro elsewhere.