[Bro] PacketFilter

James Lay jlay at slave-tothe-box.net
Sat Mar 18 12:30:31 PDT 2017


That's weird... I can't reproduce that here... on Ubuntu 16 across the
board here.  Maybe libpcap or interface issue?  My only guess.

On Sat, 2017-03-18 at 15:20 -0400, Dave Crawford wrote:
> tcpdump doesn’t enforce the filter either.
> 
> $ sudo tcpdump -nn -i netmap:eth2/Rz not net 224.0.0.0/4 | grep 60000
> 
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on netmap:eth2/Rz, link-type EN10MB (Ethernet), capture size 262144 bytes
> 15:11:26.286104 IP 192.168.20.8.40364 > 239.254.127.63.60000: UDP, length 44
> 15:11:26.497024 IP 192.168.20.8.47779 > 239.254.127.63.60000: UDP, length 44
> 15:11:26.950899 IP 192.168.20.8.38593 > 239.254.127.63.60000: UDP, length 44
> 
> I’m at a loss now.
> 
> > On Mar 18, 2017, at 2:01 PM, Dave Crawford <bro at pingtrip.com> wrote:
> > 
> > Damnit. I spoke too soon:
> > 
> > 1489860004.749780	C7LM4TvxWGSWhxOL1	192.168.20.8	
> > 40972	239.254.127.63	60000