[Bro] BRO sniffing traffic on a VLAN
Harry Hoffman
hhoffman at ip-solutions.net
Sat Oct 10 05:13:27 PDT 2015
Hi Masoom,
Bro will still see some traffic (traffic destined to the bro box, ARP, broadcast, potential port floods) but not other traffic.
Cheers,
Harry
On Oct 10, 2015 5:54 AM, masoom alam <masoom.alam at gmail.com> wrote:
>
> Dear ALL,
>
> I have plugged BRO in my lab in the mirrored port of a physical switch. Thus BRO is able to sniff all the traffic.
>
> My question is that if we install BRO on a simple linux machine and try sniffing a LAN traffic for analysis for example, do we need some special measure? I mean is it necessary that BRO should be plugged in the mirrored port...
>
> Thanks
More information about the Bro
mailing list