[Bro] Reading encrypted pcap with Bro
Josh Guild
josh.guild at morphick.com
Sat Aug 12 11:58:54 PDT 2017
Hi all,
Hoping to find some more uplifting answers here than I found with my Google
searches. I have an encrypted pcap and the key but there doesn't seem to be
a way to save of the plaintext pcap with tshark.
Where Bro comes in - I need to carve some files out that are chunked as
octet streams and would really rather not have to write a tshark script for
this.
However Bro needs the decrypted pcap to carve for me :(
Any assistance or points in the right direction would be awesome, thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170812/f50ecc27/attachment.html
More information about the Bro
mailing list