Support #4392

BPF filter not dropping all the suricata_flow_id

Added by Titouan DUBUC about 1 month ago.

Status: New
Priority: Normal
Assignee: -
Affected Versions:
Label:

Description

Hello,
We are currently using Suricata 4.1.2 and are experiencing difficulty using BPF filters. We have a problem because we have some network traffic we don't want to capture. This traffic is traffic between a guest Wi-Fi VLAN and public DNS: the guest Wi-Fi VLAN requests the Active Directory, and then the AD performs the DNS request to the DNS. The problem we are experiencing is that with BPF filters we managed not to capture all the guest-to-AD traffic, but all the AD-to-DNS requests are still collected. Is there any simple way not to capture these requests?
