[Bro] Help:- can we read HDLC data link type?

Tim Rupp tarupp at fnal.gov
Tue Apr 13 06:32:22 PDT 2010


You can start by using a basic policy like conn.bro to see if bro is
seeing any data.

	bro -i eth0 conn.bro

If bro is seeing connections, you'll end up with a conn.log file and you
can build from there.

-Tim

On 04/10/2010 09:14 AM, vijay khadse wrote:
>  hello ,
>  I want to ask that my bro is not even reading my eth0
> 
> I have set default interface as eth0. I don't have have an entry for bpf
> device in /dev. I don't have any /dev/bpf*. Wheather the problem is due
> to this only.
> 
> Regards,
> Vijay M Khadse
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro



More information about the Bro mailing list