[Bro-Dev] #336: Global config variable to disable packet filtering (i.e., accept all packets)
Gregor Maier
gregor at icir.org
Wed Dec 8 22:39:00 PST 2010
(only sending to bro-dev, not the tracker).
> Nevermind, after chatting with Vern I'm convinced this feature isn't worth
> it. Maybe we should make some default way to capture all traffic with
> pcap.bro though?
sounds good to me.
> Vern pointed out the filter "ip or not ip" captures
> everything and it even works when mpls or vlan tags are present in the
> traffic.
How would one set that? Using -f command line argument? Or using
unrestricted_filter? Or is there another way that I'm missing.
cu
Gregor
--
Gregor Maier gregor at icir.org
Int. Computer Science Institute (ICSI) gregor at icsi.berkeley.edu
1947 Center St., Ste. 600 http://www.icir.org/gregor/
Berkeley, CA 94704
USA
More information about the bro-dev
mailing list