Issue when Bro is reading a file which capturing live traffic

Hashem_Alaidaros · December 24, 2015, 2:55am

Hi All,
I run tcpdump live to capture the traffic into a file using “-w”.
Then I run bro to read that file offline using “-r”.
Both instances are running continuously. First it works fine but then bro stop generating results although it keep running, this means bro didn’t continue reading from the file. Is it because bro -r is faster than the live capturing?
How to let bro keep reading the file (this file is continuously increasing)
My bro version: 2.3 running on ubuntu platform.

Thanks

Franky · December 28, 2015, 2:02pm

Hi Hashem,

Hashem_Alaidaros · December 29, 2015, 3:35am

Thanks Franky for your reply.
in my research, I’m requested to run bro in offline mode for further analysis and forensics.

Any idea how to resolve the issue.

Thanks

Topic		Replies	Views
Issue with bro reading a file that capturing live traffic Zeek	1	77	May 6, 2022
reading live traffic Zeek	2	71	May 6, 2022
Running Bro with -r option Zeek	2	107	May 6, 2022
Applying Bro on offline captured traffic? Zeek	2	65	May 6, 2022
Applying Bro on offline captured traffic? Zeek	1	67	May 6, 2022

Issue when Bro is reading a file which capturing live traffic

Related topics