BRO sniffing traffic on a VLAN

masoom_alam · October 10, 2015, 9:54am

Dear ALL,

I have plugged BRO in my lab in the mirrored port of a physical switch. Thus BRO is able to sniff all the traffic.

My question is that if we install BRO on a simple linux machine and try sniffing a LAN traffic for analysis for example, do we need some special measure? I mean is it necessary that BRO should be plugged in the mirrored port…

Thanks

Harry_Hoffman · October 10, 2015, 12:13pm

Hi Masoom,

Bro will still see some traffic (traffic destined to the bro box, ARP, broadcast, potential port floods) but not other traffic.

Cheers,
Harry

Topic		Replies	Views
Typical Bro use case Zeek	2	101	May 6, 2022
finger and port scan test to bro Zeek	1	65	May 6, 2022
How to use Bro to listen netflow from some ip and port Zeek	1	94	May 6, 2022
Bro 1.5.1, FreeBSD, Mirror-Port questions Zeek	2	71	May 6, 2022
load balancing question. Zeek	2	74	May 6, 2022

BRO sniffing traffic on a VLAN

Related topics