[Bro] [Fwd: Why cannot Bro capture the packet?]

Christian Kreibich christian at whoop.org
Tue Jun 27 03:10:20 PDT 2006


I've received the below question and am forwarding to the list.
-C.

-------- Forwarded Message --------
From: 北村 真一 <kitamura.shinichi at lab.ntt.co.jp>
To: christian at whoop.org
Subject: Why cannot Bro capture the packet?
Date: Tue, 27 Jun 2006 17:20:10 +0900

I have a question. I would like you to teach following.

My Bro cannot capture the packet at starting Bro.
I try to operate Bro in the closed network environment on VMware network,
not connected to the Internet.
My Bro has operated on the guest operating system (FedoraCore).

Capturing packet can be done at usual operation when connecting to the
Internet.
And, the following comment is being written in the "Info.log.file" .

Capture filter: (((((((((port 111) or (port 53)) or .............)

But, capturing packet cannot be done when not connecting to the Internet.
(in the closed network environment)
So the above comment does not apear in the "Info.log.file".
Instead that, Bro policy scripts "print-filter.bro" looks like to be
invoked.

I cannot understand these opration. Please give some advice to me.
Thank you.

-- 
Shinichi Kitamura <kitamura.shinichi at lab.ntt.co.jp>
NTT Information Sharing Platform Labs.








More information about the Bro mailing list