read trace offline

antonionestola · November 2, 2009, 1:33pm

Hi,I have a stupid question:Can I do an offline-analysis with Bro of a trace file in pcap form?thank you..

Seth_Hall · November 2, 2009, 2:20pm

The Bro binary has the "-r" option similar to tcpdump for reading in pcap formatted tracefiles.

.Seth

Topic		Replies	Views
How should Bro to read wireshark trace file Zeek	2	44	May 6, 2022
Offline/Tracefile Traffic Classification with Bro Zeek	5	62	May 6, 2022
Bro on other Packet Trace Dumps. Zeek	13	69	May 6, 2022
Newbie at bro, some questions Zeek	1	75	May 6, 2022
Applying Bro on offline captured traffic? Zeek	2	44	May 6, 2022