[Bro] Bro 2.1 support for sniffing on multiple interfaces faces
Doug Burks
doug.burks at gmail.com
Tue Apr 29 04:03:21 PDT 2014
Hi Coen,
Are you perhaps using PF_RING?
https://bro-tracker.atlassian.net/browse/BIT-943
The PF_RING multiple interface issue was resolved in Bro 2.2.
On Tue, Apr 29, 2014 at 6:46 AM, Coen Bakkers <coen_bakkers at symantec.com> wrote:
> Does Bro 2.1 support sniffing on several interfaces at the same time? I have tried this now on a dozen of nodes, and the behavior does not seem to be consistent.
> Note that I am not trying to sniff an outbound and an inbound stream that are related, but I have a tap port on a separate network that I also interested in in covering.
> Sometimes multiple interfaces in node.cfg will work, but sometimes it makes Bro just hang and not record any of the http, dns, ftp logs etc..
>
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
--
Doug Burks
More information about the Bro
mailing list