[Bro] Adapting packet filter in stand-alone cluster

Tyler T. Schoenke Tyler.Schoenke at colorado.edu
Thu Apr 16 15:01:31 PDT 2009

I am getting started with Bro, and am using Robin's 1.4 stand-alone 
cluster branch.  I was trying to detect some IRC traffic using DPD, but 
realized that it was being filtered.  In the Workshop 2009 materials, it 
mentioned adapting the packet filter by adding the -f "tcp".  I tried 
that, tested it on my pcap file, and it worked.  How do I enable/disable 
the -f "tcp" option in the cluster configuration?


Tyler Schoenke
IT Security Office
University of Colorado - Boulder
