[Bro] looping traffic and bpf
brandonlattin at gmail.com
Thu Aug 17 07:13:37 PDT 2017
not host <ip>
You can get significantly more fancy as necessary:
On Thu, Aug 17, 2017 at 6:14 AM, erik clark <philosnef at gmail.com> wrote:
> I foresee a problem in the very near future where I am sending traffic out
> to our Splunk indexers over the same network I am tapping. I am pretty sure
> this would loop the traffic through the tap, and I don't want to do that.
> I see a wide variety of ways to run BPF statements from 5 years ago till
> somewhat recently in Google. What is the best way in 2.5 to strip a single
> address from Bro's inspection with a filter?
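An added example, not part of the original thread: it goes beyond the single-address `not host <ip>` filter by excluding only the log-forwarding flows to several indexers, so other traffic to or from those hosts is still inspected. The function name `build_exclude_filter`, the addresses, and the use of TCP port 9997 as the indexers' receiving port are assumptions for illustration.

```shell
#!/bin/sh
# Added example: build a BPF expression that excludes only forwarder-to-indexer
# flows instead of every packet involving the indexer hosts.
# The function name, addresses and port are constructed for illustration.

# build_exclude_filter PORT HOST...
# Prints: not ((host H1 or host H2 ...) and tcp port PORT)
build_exclude_filter() {
    port=$1
    shift
    # The port must be purely numeric.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$#" -gt 0 ] || { echo "no hosts given" >&2; return 1; }
    hosts=""
    for h in "$@"; do
        # Accept only characters that can appear in an IPv4/IPv6 literal, so
        # no extra BPF terms can be spliced in through a host argument.
        case $h in
            ''|*[!0-9A-Fa-f.:]*) echo "invalid address: $h" >&2; return 1 ;;
        esac
        if [ -z "$hosts" ]; then
            hosts="host $h"
        else
            hosts="$hosts or host $h"
        fi
    done
    printf 'not ((%s) and tcp port %s)\n' "$hosts" "$port"
}

# Constructed sample: two indexers receiving forwarder traffic on TCP 9997.
FILTER=$(build_exclude_filter 9997 192.0.2.10 192.0.2.11)
echo "$FILTER"
```

The resulting string can be compiled with `tcpdump -d` to confirm it parses before handing it to Bro with `-f`.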