Hi,
Does bro handle the case where I sniffing from two interfaces I1 and I2, and I1 sees the client side traffic and I2 see the server side traffic? If this is supported, does the scenario of more than two interfaces also work? Thanks.
Dk.
Hi,
to add to the already given answer - I _suspect_, that it might work when
you start Bro and specify several interfaces (bro -i eth0 -i eth1).
However, I am not quite sure if the packets will arrive at Bro in the
correct ordering in that case, especially when there is very quick timing
(i.e. interleaved packets that arrive on both interfaces in very quick
succcession and have to be parsed in the correct order).
So - try it and tell us your results 
Johanna