Date: Sat, 28 Jan 2006 20:52:11 +0100 From: Frank <frank@deze.org> To: net@freebsd.org Subject: Creating span port using netgraph Message-ID: <43DBCB6B.7080504@deze.org>
next in thread | raw e-mail | index | archive | help
Hi,
I'm trying to setup a "span" Interface for using with snort. Basically,
the span interface should receive a copy of all IP packets seen on my
real network interfaces, with the purpose that snort can snoop this
interface.
After reading the manuals, and searching the Internet I came up with the
following script:
#!/bin/sh
# load ng_ether to get ethernet interfaces
if ! kldstat -v | grep ng_ether > /dev/null 2>&1; then
kldload ng_ether
fi
# create ngeth0 and bind xl0, xl1, xl2 and xl3 to it
ngctl mkpeer . eiface hook ether
ngctl mkpeer ngeth0: one2many lower one
ngctl connect xl0: ngeth0:lower lower many0
ngctl connect xl1: ngeth0:lower lower many1
ngctl connect xl2: ngeth0:lower lower many2
ngctl connect xl3: ngeth0:lower lower many3
# bring up ngeth0 for sniffing duties
ifconfig ngeth0 monitor up
After I run this script, all network connections freeze and I lost all
IP connectvity. If I tcpdup on any inteface (xl? or ngeth0) no traffic
is visible.
Maybe I'm overlooking the obvious, but I do not understand why it does
not work....
Any help is appreciated! I'm using FreeBSD 6-STABLE.
Regards,
Frank
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43DBCB6B.7080504>