BPF to ignore client traffic picked up on other sensor

  • Updated 3 years ago
I want to prevent our sensor from capturing client traffic that I capture on our client sensor (student/guest subnets). The client subnets that I want to ignore are: 10.2.0.0/16, 10.3.0.0/16, 10.71.0.0/16 and 10.72.0.0/16.

Will this BPF do the trick?
not (net 10.2.0.0/16 or net 10.3.0.0/16 or net 10.71.0.0/16 or net 10.72.0.0/16)

Should I apply it as an IDS filter, Traffic Monitor filter or both?

Ans. If you wish to stop the LANGuardian from recording any events or traffic, then apply the BPF to both the IDS and Traffic Monitor.

The following should work for you:

not net 10.2.0.0/16 and not net 10.3.0.0/16 and not net 10.71.0.0/16 and not net 10.72.0.0/16

Aisling Brennan, Official Rep


Posted 3 years ago
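The two filter forms in the post are the same expression by De Morgan's law, and the BPF `net` primitive matches a packet when either its source or its destination falls in the network. The following added example (not part of the original post) is a small Python model of that semantics, not a BPF compiler; the host addresses are constructed sample values.

```python
import ipaddress
from itertools import product

# Client subnets from the post that this sensor should ignore.
CLIENT_NETS = [ipaddress.ip_network(n) for n in
               ("10.2.0.0/16", "10.3.0.0/16", "10.71.0.0/16", "10.72.0.0/16")]

def net(pkt, network):
    """Model of the BPF 'net X' primitive: source OR destination is in X."""
    src, dst = pkt
    return (ipaddress.ip_address(src) in network
            or ipaddress.ip_address(dst) in network)

def filter_question(pkt):
    """not (net A or net B or net C or net D)"""
    return not any(net(pkt, n) for n in CLIENT_NETS)

def filter_answer(pkt):
    """not net A and not net B and not net C and not net D"""
    return all(not net(pkt, n) for n in CLIENT_NETS)

# Constructed sample hosts: two clients, one near-miss just outside
# 10.2.0.0/16, one internal server, one external address.
HOSTS = ["10.2.14.9", "10.72.255.1", "10.20.0.5", "10.1.1.10", "192.0.2.44"]
PACKETS = [(s, d) for s, d in product(HOSTS, repeat=2) if s != d]

def captured(packets, bpf):
    """Packets the sensor would still record with the filter applied."""
    return [p for p in packets if bpf(p)]

if __name__ == "__main__":
    for p in PACKETS:
        verdict = "capture" if filter_answer(p) else "ignore"
        print(f"{p[0]:>12} -> {p[1]:<12} {verdict}")
```

Because `net` matches either direction, traffic between a monitored server and a client in those subnets is also ignored on this sensor, so it is visible only on the client sensor.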
