[Bro] Bro 2.1 support for sniffing on multiple interfaces faces

James Lay jlay at slave-tothe-box.net
Tue Apr 29 04:05:04 PDT 2014


On Tue, 2014-04-29 at 03:46 -0700, Coen Bakkers wrote:

> Does Bro 2.1 support sniffing on several interfaces at the same time? I have tried this now on a dozen of nodes, and the behavior does not seem to be consistent.
> Note that I am not trying to sniff an outbound and an inbound stream that are related, but I have a tap port on a separate network that I also interested in in covering.
> Sometimes multiple interfaces in node.cfg will work, but sometimes it makes Bro just hang and not record any of the http, dns, ftp logs etc..
> 
> 
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro


I have had great success with starting bro with:

bro -i eth0 -i eth1

I am not using broctl.

James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140429/3ba8a38c/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140429/3ba8a38c/attachment.bin 


More information about the Bro mailing list