[Bro] Ignore 802.1Q vlan-tagging
j.sentier206 at laposte.net
Wed Jan 19 05:48:03 PST 2011
Here is a little patch (to bro1.5.2) I made to get both vlan traffic and regular ethernet traffic at the same time.
It could prove useful to you
> Message du 19/01/11 02:24
> De : "Seth Hall"
> A : "Bryce Boe"
> Copie à : bro at bro-ids.org
> Objet : Re: [Bro] Ignore 802.1Q vlan-tagging
> On Jan 18, 2011, at 5:44 PM, Bryce Boe wrote:
> > I'm curious if anyone has a patch which allows bro to essentially
> > ignore the 802.1Q header if present. Alternatively could someone point
> > me to where in the code I should look so that I can modify the code
> > myself?
> Add the "vlan" keyword to the beginning of your filter so that BPF passes the packets on to Bro and then load the "vlan" script.
> There is a set of changes in the pipe now that will make this a little more straightforward (and do the same thing for MPLS), but what's there now should work fine for you if you are just working with VLAN tagged packets.
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> Bro mailing list
> bro at bro-ids.org
Une messagerie gratuite, garantie à vie et des services en plus, ça vous tente ?
Je crée ma boîte mail www.laposte.net
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the Bro