seth at corelight.com
Mon Mar 20 12:16:45 PDT 2017
> On Mar 19, 2017, at 7:36 PM, Dave Crawford <bro at pingtrip.com> wrote:
> I built a new Bro cluster without Netmap (standard libpcap-dev libraries for Debian 8.7) and the BPF works as expected:
Could you try using the netmap plugin for Bro instead of the modified libpcap? The filtering should work correctly there.
Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com
More information about the Bro