[Bro] is vlan bpf broken in bro
philosnef at gmail.com
Wed Mar 29 07:17:56 PDT 2017
Per this thread:
tcpdump can't process vlan filters. Testing confirms this.
tcpdump -i eth0 -Uw - | tcpdump -en -r - vlan 4
This works and displays only vlan 4 stuff. The reverse does not:
tcpdump -i eth0 -Uw - "vlan 4" |tcpdump -en -r -
This displays ALL vlans tagged in the traffic, and not just vlan 4.
This is on RHEL 7. Apparently there are some issues with x86_64 vlan
The short of it: Will bro respect vlan filters, or does it have the same
issue that tcpdump and libpcap seem to have?
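Added example (not part of the original post): a way to check which VLAN IDs actually appear in a capture file, so the output of either tcpdump pipeline above can be verified without relying on a BPF "vlan" filter. The function names and the sample capture built by build_sample() are constructed for illustration; it assumes a classic pcap file with Ethernet link type.

```python
import struct
from collections import Counter

VLAN_TPIDS = {0x8100, 0x88A8}  # 802.1Q tag and 802.1ad outer tag

def vlan_counts(pcap_bytes):
    """Count frames per outer VLAN ID (None = untagged) in a classic pcap."""
    magic = struct.unpack_from("<I", pcap_bytes, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack_from(endian + "I", pcap_bytes, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, off = Counter(), 24              # 24-byte global header
    while off + 16 <= len(pcap_bytes):       # 16-byte per-record header
        incl_len = struct.unpack_from(endian + "I", pcap_bytes, off + 8)[0]
        frame = pcap_bytes[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue                         # truncated frame, no Ethernet header
        ethertype = struct.unpack_from("!H", frame, 12)[0]
        if ethertype in VLAN_TPIDS and len(frame) >= 16:
            counts[struct.unpack_from("!H", frame, 14)[0] & 0x0FFF] += 1
        else:
            counts[None] += 1
    return counts

def leaked_frames(pcap_bytes, wanted_vlan):
    """Frames that a working 'vlan N' filter should not have let through."""
    return {k: n for k, n in vlan_counts(pcap_bytes).items() if k != wanted_vlan}

def build_sample(vlans):
    """Constructed test capture: one 60/64-byte frame per entry in vlans."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for v in vlans:
        tag = b"" if v is None else struct.pack("!HH", 0x8100, v)
        f = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + tag + b"\x08\x00" + bytes(46)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    sample = build_sample([4, 4, 7, None])   # constructed input, not real traffic
    print(dict(vlan_counts(sample)))
    print(leaked_frames(sample, 4))
```

An empty result from leaked_frames() on a file written with a "vlan 4" filter means the filter held; any other keys are the VLANs (or untagged frames) that got through.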