[Bro] Disabling DPD
Justin Azoff
JAzoff at albany.edu
Thu May 17 13:44:39 PDT 2012
On Fri, May 18, 2012 at 01:26:51AM +0500, Sheharbano Khattak wrote:
> Hi,
>
> For the purpose of testing my scripts, sometimes I am interested in looking at
> results only from a particular protocol. However, everything is enabled by
> default. So I have HTTP, SMTP, FTP... analysis going on when I am only
> interested in, say, DNS. I redefined PacketFilter::all_packets=F in bro_init
> but to no avail. Then I made the same change in the actual script file instead
> of redefining all_packets in my script, still the same behavior. Please correct
> me if I am doing it wrong :-)
try:
    redef PacketFilter::all_packets = F;
    redef capture_filters = [["only-dns"] = "port 53"];
--
-- Justin Azoff
-- Network Security & Performance Analyst