I have a question. I would like you to teach me the following.
My Bro cannot capture packets when starting Bro.
I am trying to operate Bro in a closed network environment on a VMware network,
not connected to the Internet.
My Bro is operating on the guest operating system (Fedora Core).
Packets can be captured in usual operation when connected to the
Internet.
And the following comment is written in the "Info.log.file".
Capture filter: (((((((((port 111) or (port 53)) or .............)
But packets cannot be captured when not connected to the Internet
(in the closed network environment).
So the above comment does not appear in the "Info.log.file".
Instead of that, the Bro policy script "print-filter.bro" appears to be
invoked.
I cannot understand these operations. Please give me some advice.
Thank you.