Applying Bro on offline captured traffic?

Dear Members,

Is it possible to apply Bro on offline traffic? I already have some network traffic captured by tcpdump; can I feed this data to Bro & find the possible intrusions in that data? To be precise, I must note that the captured traffic has been collected from an Ethernet network and consists of the packet headers & the whole payload.

I thank you in advance for your help & appreciate your prompt reply.

Best Regards
Laleh Arshadi

Is it possible to apply Bro on offline traffic?

Sure, use bro -r tracefile. For most forms of analysis it needs to have
the whole payload (via tcpdump -s0), but it sounds like you indeed have that.

    Vern