From: "Shawn Saunders"
To: freebsd-net@freebsd.org
Date: Wed, 19 Oct 2005 14:58:27 +0000
Subject: Trying to make a Host into a gigabit hub for testing
List-Id: Networking and TCP/IP with FreeBSD

I am setting up a test environment with multiple IDSs. ngctl looks like a solution, but it is not broadcasting all packets to all interfaces as the documentation appears to state it should. I've probably made some error in configuration.

My goal is to put em0 into a spanned port in promiscuous mode and broadcast all traffic from that port out the other network interfaces. I plan on having em0 (gigabit) and 6 other gigabit interfaces. Each will then echo the same traffic to six other machines (IDSs) for testing.
The proof of concept is with a gigabit (EM0) and 4 10/100 ethernets (sfx). The 10/100s will be replaced for implementation. Any help would be appreciated. My config follows:

ifconfig sf0 up
ifconfig sf1 up
ifconfig sf2 up
ifconfig sf3 up
ifconfig em0 up
kldload ng_ether.ko
kldload ng_one2many.ko
kldload ng_fec.ko
ngctl mkpeer fec dummy fec
ngctl msg fec0: add_iface '"em0"'   # em0 is the port connected to traffic (sniffing)
ngctl msg fec0: set_mode_inet
ngctl mkpeer fec0: one2many upper one
ngctl connect fec0: fec0:upper lower many0
ngctl connect sf0: fec0:upper lower many1
ngctl connect sf1: fec0:upper lower many2
ngctl connect sf2: fec0:upper lower many3
ngctl connect sf3: fec0:upper lower many4
ngctl msg sf0: setpromisc 1
ngctl msg sf0: setautosrc 0
ngctl msg sf1: setpromisc 1
ngctl msg sf1: setautosrc 0
ngctl msg sf2: setpromisc 1
ngctl msg sf2: setautosrc 0
ngctl msg sf3: setpromisc 1
ngctl msg sf3: setautosrc 0
ngctl msg em0: setpromisc 1   # I have tried with this set and not.
ngctl msg em0: setautosrc 0   # I have tried with this set and not.
ngctl msg fec0:upper setconfig "{ xmitAlg=2 failAlg=1 enabledLinks=[1 1 1 1 1] }"
ifconfig fec0 -arp up   # I have tried with this set and not.

Am I missing something?

Shawn Saunders