Can I use BotHunter to analyze a large corpus of packet traces?
Yes. When you install BotHunter on your system, make sure you supply the network configuration parameters that describe the network on which you captured your tcptrace files (i.e., tcpdump files). Also make sure that your packet trace files were captured using full snaplen (e.g., tcpdump -s 0). You may use the runsnort.csh script in the BotHunter directory to produce a dialog event file from your packet trace file. Next, configure a BATCH mode configuration directory of BotHunter, and then run your dialog event file through BotHunter.
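
Before feeding a corpus to runsnort.csh, it helps to confirm that each trace really was captured with full snaplen, since truncated packets have lost payload bytes. The following is an added example, not part of BotHunter: it reads the classic libpcap file header and per-packet record headers and counts packets whose captured length is shorter than their on-wire length. The function names and the sample traces are constructed for illustration; pcapng files are not handled.

```python
import struct
import sys

# Classic libpcap magic numbers (microsecond / nanosecond timestamps).
MAGICS = {0xA1B2C3D4, 0xA1B23C4D}

def check_pcap(data: bytes) -> dict:
    """Report header snaplen and count of packets stored shorter than on the wire."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    for endian in ("<", ">"):  # the magic reveals the writer's byte order
        if struct.unpack(endian + "I", data[:4])[0] in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    # Fields after the magic: version major/minor, thiszone, sigfigs, snaplen, link type
    snaplen = struct.unpack(endian + "HHiIII", data[4:24])[4]
    offset, packets, truncated = 24, 0, 0
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_frac, incl_len (stored), orig_len (on the wire)
        incl_len, orig_len = struct.unpack(endian + "II", data[offset + 8:offset + 16])
        packets += 1
        if incl_len < orig_len:
            truncated += 1
        offset += 16 + incl_len
    return {"snaplen": snaplen, "packets": packets, "truncated": truncated}

def build_sample(snaplen: int, records, endian: str = "<") -> bytes:
    """Constructed test input: records is a list of (captured_bytes, orig_len)."""
    out = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for payload, orig_len in records:
        out += struct.pack(endian + "IIII", 0, 0, len(payload), orig_len) + payload
    return out

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            try:
                r = check_pcap(fh.read())
            except ValueError as exc:
                print(f"{path}: SKIP ({exc})")
                continue
        status = "TRUNCATED" if r["truncated"] else "ok"
        print(f"{path}: {status} snaplen={r['snaplen']} "
              f"truncated={r['truncated']}/{r['packets']}")
```

Run it with the trace file paths as arguments; any file reported as TRUNCATED should be recaptured or set aside before analysis.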