BPF filter not dropping all the suricata_flow_id
We are currently using Suricata 4.1.2 and we are experiencing difficulty using BPF filters. We have a problem because we have some network traffic we don't want to capture. This traffic is traffic between a guest Wifi VLAN and public DNS: the guest Wifi VLAN requests the Active Directory, and then the AD performs the DNS request to the DNS. The problem we are experiencing is that with BPF filters we managed not to capture all the guest-to-AD traffic, but all the AD-to-DNS requests are still collected. Is there any simple way not to capture these requests?