File Input Format

Chaivat_Jirapummin · September 12, 2001, 4:39am

Dear all,
I just used Bro recently. I have question about
using bro as off-line detector. The input file was
read by
bro -r filename
According to the manual, the input file has to be
TCPdump format. I used the Information Exploration
Shootout database, but it didnot be read. The error
message "Improper format dump file" appeared on the
screen. For input file format,

Time Src.Srcport > Dst.Dstport Flag Seq1:Seq2 Ack Win
Buf Opt

How can Bro read this data? Can it read the CSV
format?
Thankyou.

Chaivat J.

Ashley_Thomas1 · September 12, 2001, 7:21pm

Bro needs the tcpdump file in 'raw' format. ie the kind of file you get when
you use tcpdump with -w option.

cheers
ashley

Chaivat Jirapummin wrote:

Topic		Replies	Views
Bro on other Packet Trace Dumps. Zeek	13	71	May 6, 2022
dump files, loopback Zeek	1	82	May 6, 2022
read trace offline Zeek	2	71	May 6, 2022
Issue when Bro is reading a file which capturing live traffic Zeek	3	109	May 6, 2022
Issue with bro reading a file that capturing live traffic Zeek	1	62	May 6, 2022

File Input Format

Related Topics