[Bro] Traffic analysis by Bro
Abhinay Kampasi
abhinay at cs.utexas.edu
Thu Nov 9 10:32:31 PST 2006
Hi,

What traffic does Bro monitor by default (i.e. what pcap capture filter
does it use)?

Suppose one of the policy scripts redefines the capture filter to
monitor SSH traffic as follows:

"redef capture_filters += { ["xxxx"] = "tcp port 22" };"

Does this modify the global filter? I mean, do all the policy scripts
(and not only my script) see the SSH traffic?

Thanks,
Abhinay