There are two ways to run Bro on network traffic: on traffic captured live by the network interface(s), and on traffic previously recorded using the -w flag of tcpdump or Bro itself.