On Thu, Oct 04, 2007 at 11:55 -0400, Reed Porada wrote:
On the Bro wiki it mentions that Bro can be configured to output captured packets that look suspicious.
Which text are you referring to exactly? Apart from -w, the only
other thing I can think of is the built-in dump_current_packet()
which saves the currently processed packet to disk---with the
typical problem that this is not very well defined.
The line there implies something more than -w, which may be simply