[Bro] looping traffic and bpf

Brandon Lattin brandonlattin at gmail.com
Thu Aug 17 07:13:37 PDT 2017


not host <ip>

You can get significantly more fancy as necessary:
https://biot.com/capstats/bpf.html

https://www.bro.org/sphinx/scripts/base/frameworks/packet-filter/main.bro.html



On Thu, Aug 17, 2017 at 6:14 AM, erik clark <philosnef at gmail.com> wrote:

> I foresee a problem in the very near future where I am sending traffic out
> to our Splunk indexers over the same network I am tapping. I am pretty sure
> this would loop the traffic through the tap, and don't want to do that.
>
> I see a wide variety of ways to run bpf statements from 5 years ago till
> somewhat recently in Google. What is the best way in 2.5 to strip a single
> address from Bro's inspection with a filter?
>
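
One way to apply the "not host <ip>" filter from the reply through the packet-filter framework linked above. This is an added example, not part of the original message; the address 192.0.2.10 and the filter name are placeholders, and placing the lines in local.bro is an assumption.

```bro
# Added example, not from the thread.
# 192.0.2.10 is a placeholder for the Splunk indexer address.

# Entries in restrict_filters are AND'ed onto the capture filter Bro builds,
# so packets to or from this host are discarded by BPF before Bro
# inspects them.
redef restrict_filters += {
    ["exclude-splunk-indexer"] = "not host 192.0.2.10"
};
```

After a restart, packet_filter.log records the combined filter that was installed and whether it compiled successfully.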