[Bro] Get Packet Header for all packets

erik clark philosnef at gmail.com
Mon Nov 7 08:02:16 PST 2016


I am not sure that's accurate. I was recently troubleshooting a situation
where a printer was sending millions of packets an hour at a remote host.
On the remote destination host, that traffic was never seen, yet Bro logged
it just fine. This was confirmed by running tcpdump in the middle (off the
tap) and on the end point (the destination). Tcpdump on the destination
showed zero packets coming from the source....