Log entire payloads

One possibility is to load the contents.bro script. It will write the
contents of every connection to two files (contents-*), one for each
direction. Note that it does writing for every connection, not just HTTP
ones. If you want the latter, you might want to adapt the script

Note, depending on your broader use, you can avoid adapting the script
by using capture_filters to only capture tcp port 80.


Dear Dr. Vern,

I'd like to extract 41 features and their corresponding attack classes based on
the DARPA 1999 dataset and 2000 dataset
(http://www.ll.mit.edu/IST/ideval/data/data_index.html) like the KDD Cup 99
dataset ( http://kdd.ics.uci.edu/databases/kddcup99/kddcup.names ). Is it
possible to extract all the 41 features from tcpdump files. I was able to
extract 12 features only. I'm newbie to the bro tool, and i'd like to know if i
can extract all the 41 features from tcpdump files.