[Bro] looping traffic and bpf

Brandon Lattin brandonlattin at gmail.com
Thu Aug 17 07:13:37 PDT 2017

not host <ip>

You can get significantly more fancy as necessary:


On Thu, Aug 17, 2017 at 6:14 AM, erik clark <philosnef at gmail.com> wrote:

> I foresee a problem in the very near future where I am sending traffic out
> to our splunk indexers over the same network I am tapping. I am pretty sure
> this would loop the traffic through the tap, and don't want to do that.
> I see a wide variety of ways to run bpf statements from 5 years ago till
> somewhat recently in google. What is the best way in 2.5 to strip a single
> address from bros inspection with a filter?
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170817/b7368e04/attachment.html 

More information about the Bro mailing list