[Bro] help for adding new packet filter

Bindiya V S bindiyavs at tataelxsi.co.in
Mon Feb 19 19:22:47 PST 2007


Thanks
That fixed it :)

-----Original Message-----
From: Vern Paxson [mailto:vern at icir.org]
Sent: Tuesday, February 20, 2007 12:08 AM
To: Bindiya V S
Cc: bro at ICSI.Berkeley.EDU
Subject: Re: [Bro] help for adding new packet filter


> line 1: run-time error: precompile_pcap_filter: pcap_compile((((gre) or (udp)) or (tcp)) or (icmp)): parse error
>  can't compile filter (((gre) or (udp)) or (tcp)) or (icmp)

The problem is that tcpdump (at least my version) doesn't have a "gre"
keyword.  So, to specify that you want to capture GRE traffic, you'll need
to describe it directly in terms of the IP "protocol" field (e.g., "tcp"
is the same as "ip proto 6").

		Vern


