Support #4392

closed

BPF filter not dropping all the suricata_flow_id

Added by Titouan DUBUC about 3 years ago. Updated about 2 years ago.

Status: Closed
Priority: Normal
Assignee: -
Affected Versions:
Label:

Description

Hello,
We are currently using Suricata 4.1.2 and we are experiencing difficulty using BPF filters. We have a problem because we have some network traffic we don't want to capture. This traffic is traffic between a Guest Wifi VLAN and Public DNS: the Guest Wifi VLAN requests the Active Directory and then the AD performs the DNS request to the DNS. The problem we are experiencing is that with BPF filters we managed not to capture all the guest-to-AD traffic, but all the AD-to-DNS requests are still collected. Is there any simple way not to capture these requests?

Actions #1

Updated by Andreas Herz about 2 years ago

  • Status changed from New to Closed

Hi, we're closing this issue since there have been no further responses.
If you think this issue is still relevant, try to test it again with the
most recent version of suricata and reopen the issue. If you want to
improve the bug report please take a look at
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs
