Aggregating many ports into one for tcpdump server. (also sampling before libpcap)
Andrew Thompson
thompsa at FreeBSD.org
Sat Dec 8 02:41:12 PST 2007
On Sat, Dec 08, 2007 at 10:35:11AM +0000, Peter Wood wrote:
> Morning,
>
> >>> Looking thru the archives, it seems ng_one2many (in this case
> >>> 'many2one') is what I am looking for. Am I barking the right tree
> >>> here?
>
> Strangely enough this is the exact situation I was looking into on Friday
> for two mirror ports from our border routers via aggregation switches.
>
> I had seen the netgraph solution however I had initially ignored if_bridge
> as I don't want the packets to be sent to the opposing devices.

That's why you combine if_bridge with monitor mode; any incoming packets
are discarded after bpf processing so they are never sent to opposing
devices.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html#AEN40035

regards,
Andrew
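
Added example, not part of the original message: a small sh helper that prints the ifconfig(8) and tcpdump commands for the monitor-mode if_bridge setup described in the reply. The function name `monitor_bridge_cmds` is hypothetical, and the interface names `bridge0`, `em1` and `em2` are constructed placeholders for the capture host's mirror-port NICs.

```shell
#!/bin/sh
# Added example: emit the commands for a monitor-mode if_bridge that
# aggregates several mirror ports into one capture interface.
# Nothing is executed here; the commands are only printed for review.

monitor_bridge_cmds() {
    if [ $# -lt 2 ]; then
        echo "usage: monitor_bridge_cmds BRIDGE MEMBER..." >&2
        return 2
    fi
    bridge=$1
    shift
    members=""
    for m in "$@"; do
        # Refuse anything that is not a plain interface name, so the
        # printed commands are safe to paste into a root shell.
        case $m in
            ''|*[!A-Za-z0-9_.]*) echo "bad interface name: $m" >&2; return 2 ;;
        esac
        if [ "$m" = "$bridge" ]; then
            echo "bridge cannot be its own member" >&2
            return 2
        fi
        members="$members addm $m"
    done
    echo "ifconfig $bridge create"
    # Member interfaces must be up to receive the mirrored traffic.
    for m in "$@"; do
        echo "ifconfig $m up"
    done
    # 'monitor' on the bridge: frames are handed to bpf(4), then
    # discarded, so nothing is forwarded to the other member ports.
    echo "ifconfig $bridge$members monitor up"
    # One capture on the bridge sees traffic from every member.
    echo "tcpdump -n -i $bridge"
}

# Constructed sample: two mirror ports aggregated into bridge0.
monitor_bridge_cmds bridge0 em1 em2
```
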