[Bro] looping traffic and bpf
philosnef at gmail.com
Thu Aug 17 04:14:50 PDT 2017
I foresee a problem in the very near future where I am sending traffic out
to our splunk indexers over the same network I am tapping. I am pretty sure
this would loop the traffic through the tap, and don't want to do that.
I see a wide variety of ways to run bpf statements from 5 years ago till
somewhat recently in google. What is the best way in 2.5 to strip a single
address from bros inspection with a filter?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro