[Bro] Why cannot Bro capture the packet?

北村 真一 kitamura.shinichi at lab.ntt.co.jp
Wed Jun 28 21:02:44 PDT 2006


I have a question. I would like you to teach me the following.

My Bro cannot capture the packet at starting Bro.
I try to operate Bro in the closed network environment on VMware network,
not connected to the Internet.
My Bro has operated on the guest operating system (FedoraCore).

Capturing packet can be done at usual operation when connecting to the
Internet.
And, the following comment is being written in the "Info.log.file" .

Capture filter: (((((((((port 111) or (port 53)) or .............)

But, capturing packet cannot be done when not connecting to the Internet.
(in the closed network environment)
So the above comment does not appear in the "Info.log.file".
Instead of that, the Bro policy script "print-filter.bro" looks to be
invoked.

I cannot understand these operations. Please give me some advice.
Thank you.


-- 
Shinichi Kitamura <kitamura.shinichi at lab.ntt.co.jp>
NTT Information Sharing Platform Labs.










