[Bro] is vlan bpf broken in bro
Seth Hall
seth at corelight.com
Wed Mar 29 08:14:42 PDT 2017
> On Mar 29, 2017, at 10:17 AM, erik clark <philosnef at gmail.com> wrote:
>
> The short of it: Will bro respect vlan filters, or does it have the same issue that tcpdump and libpcap seem to have?
If it's acquiring packets through straight libpcap on linux and linux has an issue with vlan handling, then yes, you will have the same problem. If you are using some alternate packet handling mechanism then the problem with likely not be there. Are you using the default libpcap on your distro?
.Seth
--
Seth Hall * Corelight, Inc * seth at corelight.com * www.corelight.com
More information about the Bro
mailing list