bro at pingtrip.com
Mon Mar 20 14:27:39 PDT 2017
Sure, I’ll uninstall netmap-libpcap, install the standard Debian libpcap-dev and recompile Bro. Will respond back with observations.
> On Mar 20, 2017, at 3:16 PM, Seth Hall <seth at corelight.com> wrote:
>> On Mar 19, 2017, at 7:36 PM, Dave Crawford <bro at pingtrip.com> wrote:
>> I built a new Bro cluster without Netmap (standard libpcap-dev libraries for Debian 8.7) and the BPF works as expected:
> Could you try using the netmap plugin for Bro instead of the modified libpcap? The filtering should work correctly there.
> Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com