[Bro] Bro 2.1 support for sniffing on multiple interfaces faces
Coen Bakkers
coen_bakkers at symantec.com
Tue Apr 29 03:46:56 PDT 2014
Does Bro 2.1 support sniffing on several interfaces at the same time? I have tried this now on a dozen of nodes, and the behavior does not seem to be consistent.
Note that I am not trying to sniff an outbound and an inbound stream that are related, but I have a tap port on a separate network that I also interested in in covering.
Sometimes multiple interfaces in node.cfg will work, but sometimes it makes Bro just hang and not record any of the http, dns, ftp logs etc..
More information about the Bro
mailing list