[Bro] Problem: Bro listening on two ethernet interfaces
Christoph Goeldi
goeldich at ee.ethz.ch
Mon May 2 06:55:18 PDT 2005
Hi
I'm quite happy with Bro. Thanks to the developers!
Nevertheless, i remarked another problem today when i tried to make Bro
listening on two interfaces.
What i did:
bro -i eth0 -i eth3 test
*** test.bro ********************************************
event connection_attempt(c: connection)
{ print "connection_attempt"; }
event connection_rejected(c: connection)
{ print "connection_rejected"; }
*********************************************************
(I think it doesn't depend on what this script does.)
I runned attacks on only one and on both interfaces on this host.
What happens:
Most of the packets are dropped by Bro:
> 8970 packets received on interface eth0, 31021 dropped
> 1580 packets received on interface eth3, 10770 dropped
I tried this on two completely different Linux'. Kernel 2.4 and 2.6.
And with the newest Bro release.
When i start Bro and set only one -i flag, it works perfect.
"tcpdump -i any" works also and doesn't drop any packets.
any ideas?
Thanx for any help
Christoph
More information about the Bro
mailing list