(only sending to bro-dev, not the tracker).
Never mind, after chatting with Vern I'm convinced this feature isn't worth
it. Maybe we should make some default way to capture all traffic with
pcap.bro though?
Sounds good to me.
Vern pointed out the filter "ip or not ip" captures
everything and it even works when mpls or vlan tags are present in the
traffic.
How would one set that? Using -f command line argument? Or using
unrestricted_filter? Or is there another way that I'm missing?
cu
Gregor