Applying Bro on offline captured traffic?

Laleh_Arshadi · September 13, 2009, 12:27pm

Dear Members,

Is it possible to apply Bro on offline traffic? I have already some network traffic captured by tcpdump, can I feed this data to Bro & find the possible intrusions in that data? To be precise I must note that the captured traffic has been collected from an Ethernet network and consists of the packet headers & the whole payload.

I thank you in advance for your help & appreciate your prompt reply.

Best Regards
Laleh Arshadi

Vern · September 13, 2009, 5:14pm

Is it possible to apply Bro on offline traffic?

Sure, use bro -r tracefile. For most forms of analysis it needs to have
whole payload (via tcpdump -s0), but sounds like you indeed have that.

Vern

Topic		Replies	Views
Applying Bro on offline captured traffic? Zeek	1	48	May 6, 2022
Offline/Tracefile Traffic Classification with Bro Zeek	5	61	May 6, 2022
Issue when Bro is reading a file which capturing live traffic Zeek	3	108	May 6, 2022
read trace offline Zeek	2	68	May 6, 2022
Issue with bro reading a file that capturing live traffic Zeek	1	60	May 6, 2022

Applying Bro on offline captured traffic?

Related Topics