Hi,
I had confusions on how Bro behaves when a single instance is listening on two ethernet interfaces. Here is what I encounter. I still based on my code in broping.
I install a Bro on the same machine on this broping app. This broping does two things in order: sending ping events to loopback interface and then send TCPs request to another machine and get response. I just use broping to repeat this again and again and I don’t insert any latency between each iteration.
With Bro monitoring on these events from two ethernet interface, I find that many ping events are received by Bro after the TCP request/responses and this happens a lot. So Bro sees events in different orders than they are sent.
Any comment on this phenomenon? Is that anyway, that I can handle situation?
Best,
Hui