I foresee a problem in the very near future where I am sending traffic out to our splunk indexers over the same network I am tapping. I am pretty sure this would loop the traffic through the tap, and don’t want to do that.
I see a wide variety of ways to run bpf statements from 5 years ago till somewhat recently in google. What is the best way in 2.5 to strip a single address from bros inspection with a filter?