Greetings
I am trying to use bro to read tcpdump files for the purposes of
characterizing network traffic (not just that which is directed to the
host). It has a more consistent output format than tcpdump, I'm going to
want to do some filtering at some point, and it might be easier than trying
to write my own routines from libpcap (maybe). The documentation is robust,
which is a 'good news'/'bad news' situation. Is there a simple explanation
for how to make bro report _everything_?
Thanks
Mike