[Bro] PacketFilter
Dave Crawford
bro at pingtrip.com
Mon Mar 20 14:27:39 PDT 2017
Sure, I’ll uninstall netmap-libpcap, install the standard Debian libpcap-dev and recompile Bro. Will respond back with observations.
> On Mar 20, 2017, at 3:16 PM, Seth Hall <seth at corelight.com> wrote:
>
>
>> On Mar 19, 2017, at 7:36 PM, Dave Crawford <bro at pingtrip.com> wrote:
>>
>> I built a new Bro cluster without Netmap (standard libpcap-dev libraries for Debian 8.7) and the BPF works as expected:
>
> Could you try using the netmap plugin for Bro instead of the modified libpcap? The filtering should work correctly there.
>
> .Seth
>
> --
> Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com
>