Skip to content
This repository has been archived by the owner on Jan 21, 2023. It is now read-only.

Latest commit

 

History

History
23 lines (17 loc) · 426 Bytes

usage.md

File metadata and controls

23 lines (17 loc) · 426 Bytes
Raw

Usage

Capture Live Traffic

docker run --rm --cap-add=NET_RAW --net=host -v `pwd`:/pcap:rw blacktop/bro -i eth0

Use your own pcap

$ docker run --rm -v /path/to/pcap:/pcap:rw blacktop/bro -r my.pcap local

To use your own local.bro

$ docker run --rm \
  -v `pwd`:/pcap \
  -v `pwd`/local.bro:/usr/local/share/bro/site/local.bro \
  blacktop/bro -r my_pcap.pcap local