[Bro] Bro state implementation
robin at icir.org
Thu Apr 3 11:22:14 PDT 2008
On Thu, Apr 03, 2008 at 09:51 +0530, surya wrote:
> Is it possible to stop capturing the packets at libpcap level and
> later resume capturing the packets with out libpcap initialization.
As far as I know, there's no way to tell pcap to clear all internal
buffers. What one could do is close the interface and reopen it. Or
one could just eat all old packets without actually processing them
after calling continue_processing(). However, Bro does not support
either at the moment.
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro