From owner-freebsd-net@FreeBSD.ORG Sat Aug 20 05:30:41 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4740116A41F for ; Sat, 20 Aug 2005 05:30:41 +0000 (GMT) (envelope-from julian@elischer.org) Received: from delight.idiom.com (delight.idiom.com [216.240.32.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 06FE143D46 for ; Sat, 20 Aug 2005 05:30:40 +0000 (GMT) (envelope-from julian@elischer.org) Received: from idiom.com (idiom.com [216.240.32.1]) by delight.idiom.com (Postfix) with ESMTP id 99D55217829; Fri, 19 Aug 2005 22:30:40 -0700 (PDT) Received: from [192.168.2.2] (home.elischer.org [216.240.48.38]) by idiom.com (8.12.11/8.12.11) with ESMTP id j7K5Udln036497; Fri, 19 Aug 2005 22:30:39 -0700 (PDT) (envelope-from julian@elischer.org) Message-ID: <4306BFFB.8060307@elischer.org> Date: Fri, 19 Aug 2005 22:30:35 -0700 From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.7) Gecko/20050424 X-Accept-Language: en, hu MIME-Version: 1.0 To: Paul Khavkine References: <20050819182437.R47954-100000@krusty.mtl.distributel.net> In-Reply-To: <20050819182437.R47954-100000@krusty.mtl.distributel.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org Subject: Re: Reading raw ethernet X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Aug 2005 05:30:41 -0000 Paul Khavkine wrote: > On Fri, 19 Aug 2005, Julian Elischer wrote: > > >>Paul Khavkine wrote: >> >>>Hi guys. >>> >>> >>>I'm writing a small program to read raw ethernet frames out of netgraph >>>to capture Spannign Tree packets from the switch. >>> >>>Is it possible to pick up STP frames without putting the interface in >>>promiscuous mode ? >> >>If you don't put it in promiscuous mode, then you will only see broadcast >>packets and packets aimed at you specifically. >> >>If that's enough then there is nothing in netgraph that insists that >>you turn on promiscuous mode. > > > Well STP packets are sent to a well known MAC address (multicast?) > so i can't see it if the card is not in promisc mode. Well it might be a multicast address. I'm not an expert on multicast.. I've never really used it. I think that it depends on what hardware you have as to how it deals with M/C. > I'm not exactly sure if it's good or not to leave it in promisc mode > all the time, is there any security/performance issues with that on a > busy server? some.. usually though the switch is only going to send you packets you might want to receive anyhow.. > I want to read STP packets to monitor the link with the switch, if i can't > hear the switch for X amount oof time, failover to another NIC. > Is it possible to have more then one MAC on a NIC ? I have bge and em > cards. I've never heard of it.. > > >>You should probably look at the ng_etf node too BTW. > > > How does ng_etf deal with that ? no, but as an example of something that is designed to be attached directly to the ng_ether nodes. >