[Bro] help for adding new packet filter
Bindiya V S
bindiyavs at tataelxsi.co.in
Mon Feb 19 02:22:24 PST 2007
Hi guys,
I am trying to integrate GRE protocol in BRO. When I tried
adding pcap filter for the protocol - by adding the following
lines in the bro file in site directory
redef capture_filters = { ["tcp"]= "tcp", ["udp"] = "udp", ["icmp"] = "icmp", ["gre"] = "gre" };
it is giving the following run-time error.
line 1: run-time error: precompile_pcap_filter: pcap_compile((((gre) or (udp)) or (tcp)) or (icmp)): parse error
can't compile filter (((gre) or (udp)) or (tcp)) or (icmp)
When using 1.1, I was able to use empty capture filter - by adding the following line in the hostname.bro file -
redef capture_filters = { };
and get all the packets captured. The same is not working for
1.2 version.
Somebody please help me out.
Thanks,
Bindiya V S
More information about the Bro
mailing list