TCP connection summaries

Laleh_Arshadi · September 28, 2013, 1:07pm

Hi all

I see that you can get a connection summary log of an offline pcap traffic file by running bro with a simple command line as:
bro -r traffic_file_name
I have tested this command and it works well. But I am only interested in TCP connection summaries so I tried:
bro -r traffic_file_name tcp
But I get an error indication ‘tcp’ as unkown. What have I missed here?

Regards
L. Arshadi

Jon_Schipp · September 28, 2013, 3:00pm

To pass a BPF try ``-f tcp’’

Topic		Replies	Views
read trace offline Zeek	2	88	May 6, 2022
Offline/Tracefile Traffic Classification with Bro Zeek	5	81	May 6, 2022
Bro DPD (Beginner) Zeek	4	112	May 6, 2022
Flow Statistics in BRO Zeek	6	105	May 6, 2022
generating bro report from packet capture Zeek	2	77	May 6, 2022

TCP connection summaries

Related topics