From 93c54c24cf928d2866b9de666c2ed09bf49b13a8 Mon Sep 17 00:00:00 2001
From: Gerard Wagener <gerard.wagener@circl.lu>
Date: Thu, 28 Mar 2019 11:25:16 +0100
Subject: [PATCH] add: [doc] Explained how to write raw pcaps

---
 docs/workshop/3-pibs/d4-pibs.tex | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docs/workshop/3-pibs/d4-pibs.tex b/docs/workshop/3-pibs/d4-pibs.tex
index 17bb2ec..926436b 100644
--- a/docs/workshop/3-pibs/d4-pibs.tex
+++ b/docs/workshop/3-pibs/d4-pibs.tex
@@ -80,4 +80,16 @@
         \item -y specifies the redis database
     \end{itemize}
 \end{frame}
+
+\begin{frame}
+    \frametitle{Using PIBS for further exploration}
+    \begin{itemize}
+        \item Often it is unknown which fields should be analysed during refinement
+        \item Read raw pcap and output raw pcap
+        \item Output pcap file can be further investigated with other tools such as Wireshark
+    \end{itemize}
+    \begin{block}{PIBS tool}
+        pibs -r source.cap.gz -w backscatter.cap
+    \end{block}
+\end{frame}
 \end{document}