[Bro] PCAP help.

fatema bannatwala fatema.bannatwala at gmail.com
Thu Apr 19 08:31:40 PDT 2018


Hi Charles,

Just out of curiosity, how are you getting traffic to your Bro sensors?
Network tap, port mirror?
Also, did you look at the networks.cfg config file to define your local
nets and private IP ranges?
Depending on how you are feeding traffic to Bro, you could potentially
filter the traffic you don't want Bro sensors to process by using CIDR
filters on port mirroring software or packet filters with Bro BPF on NICs.

It's a little unclear (to me) what traffic Bro is seeing on your network and
what you want to do with it.

-Fatema.