[Bro] PCAP help

Thu Apr 19 08:01:54 PDT 2018

So what interface is Bro monitoring? and have you configured your
networks.cfg? Need some more details on what traffic you are having
issues splitting out.

On Thu, Apr 19, 2018 at 10:18 AM, Charles Mckee
<charles.mckee at decisivedge.com> wrote:
> Hello Bro Team,
>
> I need some help with PCAP.
>
>
>
> We noticed when using Bro we see local host traffic.
>
>
>
> We want to segment Bro's traffic from the other traffic on a continual
> basis.
>
>
>
> We cannot find any information on the net how to do this, so now I  must
> reach out to you.
>
>
>
> All traffic inbound comes into Bro and at that point we need to all of its
> own traffic segmented away somewhere.
>
>
>
> Can you help me ?
>
>
>
> Can you please send explicit directions for this.
>
>
>
>
>
> Respectfully Yours
>
> Charles McKee
>
>
>
> DecisivEdge, LLC
>
> O:  302.299.1570 x432  |  C:  302.320.6968  |  F:  302.299.1578
>
> 131 Continental Dr |  Suite 409  |  Newark, DE 19713
>
> charles.mckee at decisivedge.com  |  www.DecisivEdge.com
>
>
>
>
> ________________________________
>
> This email and any files transmitted with it are considered privileged and
> confidential unless otherwise explicitly stated otherwise. If you are not
> the intended recipient you are notified that disclosing, copying,
> distributing or taking any action in reliance on the contents of this
> information is strictly prohibited. All email data and contents may be
> monitored to ensure that their use is authorized, for management of the
> system, to facilitate protection against unauthorized use, and to verify
> security procedures, survivability and operational security. Under no
> circumstance should the user of this email have an expectation of privacy
> for this correspondence.
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

-- 
Michael Shirk
Daemon Security, Inc.
http://www.daemon-security.com