store all packet

lzqsist · April 30, 2010, 9:45am

Hi,all.How to store all packet directly to the hard disk using bro-1.5 ?

jean-philippe_luiggi · April 30, 2010, 12:17pm

Hello,

I'm not sure of what do you want exactly but i assume you're talking about
network packets ?

If so, you've to run something likes "tcpdump -w ..." instead of "bro".

Cheers,

Jean-Philippe.

* lzqsist <lzqsist@163.com> [2010-04-30 17:45:06 +0800]:

lzqsist · April 30, 2010, 12:22pm

Can I use tcpdump saving network packet directlu to hard disk,just like DMA?

jean-philippe_luiggi · April 30, 2010, 3:25pm

Hello,

Yes, just have to use 'tcpdump -w <filename> <some filter>'

exemple : tcpdump -i eth0 -w /tmp/tcpdump.cap port 80

Cheers,

Jean-Philippe.

* lzqsist@163.com <lzqsist@163.com> [2010-04-30 20:22:34 +0800]:

Vern · April 30, 2010, 4:28pm

Yes, just have to use 'tcpdump -w <filename> <some filter>'

exemple : tcpdump -i eth0 -w /tmp/tcpdump.cap port 80

With the tweak of adding "-s 0" to capture full packets rather than only
(roughly) packet headers. This is necessary if you want to later run Bro
on the trace.

Vern

Topic		Replies	Views
question about tcpdump logging Zeek	2	48	May 6, 2022
Bro as a fancy pcap filter Zeek	4	59	May 6, 2022
Reading _all_ packets Zeek	3	55	May 6, 2022
Write in realtime packets captured by Bro Zeek	2	73	May 6, 2022
Capturing the raw trace... Zeek	7	75	May 6, 2022

store all packet

Related Topics