[Bro] PacketFilter
Dave Crawford
bro at pingtrip.com
Sat Mar 18 12:20:06 PDT 2017
tcpdump doesn’t enforce the filter either.

$ sudo tcpdump -nn -i netmap:eth2/Rz not net 224.0.0.0/4 | grep 60000
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on netmap:eth2/Rz, link-type EN10MB (Ethernet), capture size 262144 bytes
15:11:26.286104 IP 192.168.20.8.40364 > 239.254.127.63.60000: UDP, length 44
15:11:26.497024 IP 192.168.20.8.47779 > 239.254.127.63.60000: UDP, length 44
15:11:26.950899 IP 192.168.20.8.38593 > 239.254.127.63.60000: UDP, length 44

I’m at a loss now.

> On Mar 18, 2017, at 2:01 PM, Dave Crawford <bro at pingtrip.com> wrote:
>
> Damnit. I spoke too soon:
>
> 1489860004.749780 C7LM4TvxWGSWhxOL1 192.168.20.8 40972 239.254.127.63 60000