I know that you can pipe results to a binary file with the -w flag and
then you can read it with the -r flag using bro again. While running
bro, can you pipe the output to a text file?
i.e. >bro -r <filename> mt >> readResults //where 'readResults' is my
I can't get it to work.
I am reading tcpdump trace files that my professor gave me.
[root@localhost bro_files]# bro -r tcpdump/attack_file_8.tcpdump mt -w
I am writing them to 'attack8.scan', but that is a binary file which I
need to read with bro again. On that note, what is the proper
syntax/flag to use when reading bro output "as-is" with the bro
#bro -r attack8.scan <???>
The binary file is in tcpdump format, so you can use tcpdump -r <file> to
see the trace in text format (try flag -nX).
Where does the '-nX' flag go? tcpdump or bro? Does it go in place of the
'-r' or appended to it?
Also if you say 'bro ... -w
-', the output trace will be dumped to stdout and you can pipe it with
tcpdump as well.
From the following line...
>#bro -r <trace file> mt -w <output file>
How do I do what you are saying above so that I can read the data in a
text reader (vi,gedit,emacs...)?
I am running a bash shell on Fedora/Redhat.
Sorry, I have only been "officially" running Linux for a few months.
Does this answer your question? (I don't know what you meant by "as-is"
When I said "as-is" I just meant that I didn't want bro to analyze the
data, just repeat it back.