[Bro] Network tap issues
Daniel Manzo
daniel.manzo at bayer.com
Wed Jun 21 10:54:25 PDT 2017
Based on what I’ve seen, I think you might be right about the NIC detecting a fault due to a half-connected state. I forced the interface up and put it in “promiscuous” mode, then ran tcpdump. Unfortunately, it reported back with no packets captured ☹
From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of Hovsep Levi
Sent: Wednesday, June 21, 2017 12:43 PM
To: Bro-IDS
Subject: Re: [Bro] Network tap issues
I've dealt with this before although I don't really understand it technically. Some sort of layer-1-ish protocol... the only way I can explain it is something like Cisco's UDLD... the NIC detects a fault in the circuit due to a half-connected state and shuts down the laser/LED for safety reasons.
You might find some obscure low-level setting for the NIC to force it into a special monitor mode similar to how wifi monitor mode works.
What happens if you force the interface up and run tcpdump?