Skip site navigation (1)Skip section navigation (2) 
Date:      01 Jul 1999 17:53:43 +0200
From:      Dag-Erling Smorgrav <des@flood.ping.uio.no>
To:        Ruslan Ermilov <ru@FreeBSD.ORG>
Cc:        "Oles' Hnatkevych" <gnut@fc.kiev.ua>, freebsd-questions@FreeBSD.ORG
Subject:   Re: network dumper - dumping hub
Message-ID:  <xzpso78xt6g.fsf@flood.ping.uio.no>
In-Reply-To: Ruslan Ermilov's message of "Thu, 1 Jul 1999 18:23:17 %2B0300"
References:  <Pine.BSF.4.05.9907011759340.36354-100000@blend.fc.kiev.ua> <19990701182317.A60590@relay.ucb.crimea.ua>
next in thread | previous in thread | raw e-mail | index | archive | help 
Ruslan Ermilov <ru@FreeBSD.ORG> writes:
> On Thu, Jul 01, 1999 at 06:01:36PM +0300, Oles' Hnatkevych wrote:
> >   Is it possible to make FreeBSD box to pass ALL THE NETWORK TRAFFIC
> > from one ethernet card to another and back (fully transparently)
> > and also dump that traffic to the file?
> [...]
> This behaviour is controlled by a sysctl variable (net.inet.ip.stealth)
> and hidden behind a kernel option (IPSTEALTH).

This is *not* what you want to use in this case. What stealth
forwarding does is forward IP packets (*not* Ethernet frames) without
decreasing the TTL. It seems to me that what Oles wants is bridging,
possibly with a divert socket to a traffic logger. Investigate
bridge(4), ipmon(8), divert(4), ipfw(8), ipfw(4), and possibly
commercial (or free) third-party solutions such as NFR.

I get a feeling that what Oles wants is an Ethernet packet snooper.
Oles, are you sure you need forwarding (in-line snooping), or can you
make do with tapping (by-line snooping)? If the latter, all you need
to do is 'ifconfig up' your interface (without assigning an IP
address) and use tcpdump(1) or ipmon(8) to sniff on it.

> And don't forget to send your beer to Dag-Erling Smorgrav <des@FreeBSD.org>!

Always a good idea to send me beer.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpso78xt6g.fsf>