When capturing with tcpdump (for offline analysis), I generally use the following command:
tcpdump -s 96 … (-s 0 is not necessary for me most of the time)
So, using BroControl to start/stop a realtime capture and analysis, how can the captured bits be configured/controlled to match our needs?