Date: Wed, 23 Oct 2002 11:49:56 -0500 From: Peter Erickson <lists@redlamb.net> To: freebsd-questions@freebsd.org Subject: ethernet tap and netgraph Message-ID: <20021023164956.GA28440@redlamb.net>
next in thread | raw e-mail | index | archive | help
I am in the process of adding a machine running Snort to my network and I a= m having problems getting it to work correctly. My problem is that I bought= a network tap (Finisar UTP/1) and have connected the ports (A and B) to th= e link in between my internet router and firewall. I then connected the tap= ports to 2 different nics on a machine running 4.6 and Snort 1.9.0. Now th= e problem is that snort will only watch one interface so i cant tell it to = watch both directions of traffic. I believe that there is a way to use netg= raph to bind the 2 interfaces connected to the network tap together so that= I can use snort to monitor both directions of traffic, but Im not too sure= on how to do it. I have tried using nf_fec and ng_one2many, but i have had= no luck with either one. So my question is this: Does anyone know of a way= to bind 2 nics together so that I can use Snort to monitor ALL traffic com= ing in on both of them? If it matters, I am not assigning an ip address to = the nics either. Thanks in advance. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021023164956.GA28440>