Creating span port using netgraph
- From: Frank <frank@xxxxxxxx>
- Date: Sat, 28 Jan 2006 20:52:11 +0100
Hi,
I'm trying to setup a "span" Interface for using with snort. Basically, the span interface should receive a copy of all IP packets seen on my real network interfaces, with the purpose that snort can snoop this interface.
After reading the manuals, and searching the Internet I came up with the following script:
#!/bin/sh
# load ng_ether to get ethernet interfaces
if ! kldstat -v | grep ng_ether > /dev/null 2>&1; then
kldload ng_ether
fi# create ngeth0 and bind xl0, xl1, xl2 and xl3 to it ngctl mkpeer . eiface hook ether ngctl mkpeer ngeth0: one2many lower one ngctl connect xl0: ngeth0:lower lower many0 ngctl connect xl1: ngeth0:lower lower many1 ngctl connect xl2: ngeth0:lower lower many2 ngctl connect xl3: ngeth0:lower lower many3
# bring up ngeth0 for sniffing duties ifconfig ngeth0 monitor up
After I run this script, all network connections freeze and I lost all IP connectvity. If I tcpdup on any inteface (xl? or ngeth0) no traffic is visible.
Maybe I'm overlooking the obvious, but I do not understand why it does not work....
Any help is appreciated! I'm using FreeBSD 6-STABLE.
Regards,
Frank
_______________________________________________ freebsd-net@xxxxxxxxxxx mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: Creating span port using netgraph
- From: Anton Yuzhaninov
- Re: Creating span port using netgraph
- Prev by Date: Re: sl2tps, MRU, MTU, and MSS
- Next by Date: Re: /usr/src/lib/libc/net/res_debug.c: compile problem fixed
- Previous by thread: Ftpd problems
- Next by thread: Re: Creating span port using netgraph
- Index(es):
Relevant Pages
|
|
