I have a program that sniffs IP packets off of an ethernet interface using
BPF (like tcpdump does). However, I can only sniff packets off one
interface at a time. I need to actually sniff packets off of two
interfaces at the same time, but the program won't use two interfaces.

(Specifically, I have a fiber tap, which of course has two outputs, one for
the transmit of each side of the link. I want to just hook the tap outputs
into the receive of two fiber NICs. This works, I can do a tcpdump on one
or the other, but I only see 1/2 of the link. The software I am using will
only sniff one interface at a time, so I'd have to combine both streams
into one interface before I can see both sides of the conversation.)

I am thinking I can somehow use netgraph to accomplish this.
So what I think I need is to make a virtual netgraph interface and then
sniff packets off of this.

                    fxp0
                   /
tcpdump - bpf - ng0
                   \
                    fxp1

Does anyone have any suggestions on whether this is the right way to go? If
so, can anybody help me with the setup? I have never used netgraph before, so
I'm going through a big learning curve here. I keep running into things
like the fact that ng0 is by default a point-to-point interface and I don't
know how to change it to broadcast. I've been doing a lot of searching, but
I haven't been able to find anything about sniffing packets off of a
netgraph interface.

Thanks for any help or suggestions anyone can provide.

Andrew Fleming
Fort Hays State University Computing Center
Phone: (785) 628-4433
E-mail: afle...@fhsu.edu