I want to know that wheather Bro can read the HDLC data link .If not , Can we make bro to use the HDLC data like.
Please suggest.
Regards
vijay M Khadse
When/If you add support for HDLC to Bro, please submit a patch ticket to the tracker[1] so that others may benefit from your effort.
Thanks,
.Seth
hello ,
I want to ask that my bro is not even reading my eth0
I have set default interface as eth0. I don’t have have an entry for bpf device in /dev. I don’t have any /dev/bpf*. Wheather the problem is due to this only.
Regards,
Vijay M Khadse
You can start by using a basic policy like conn.bro to see if bro is
seeing any data.
bro -i eth0 conn.bro
If bro is seeing connections, you'll end up with a conn.log file and you
can build from there.
-Tim