looping traffic and bpf

I foresee a problem in the very near future where I am sending traffic out to our splunk indexers over the same network I am tapping. I am pretty sure this would loop the traffic through the tap, and don’t want to do that.

I see a wide variety of ways to run bpf statements from 5 years ago till somewhat recently in google. What is the best way in 2.5 to strip a single address from bros inspection with a filter?

not host

You can get significantly more fancy as necessary: https://biot.com/capstats/bpf.html