Philip A. Prindeville wrote:
>>
>>>>> I'm running PPP over br0. (Why did I do this? So I could stick a
>>>>> packet sniffer on eth0 and get traces of everything going out over the
>>>>> DSL...)
>>>>
>>>> Prepare to be disappointed. A bridge port does not see traffic that
>>>> flows between other ports.
>>>
>>> Oh, right. I was confused. I was thinking of actually having an "FBI
>>> jack" for watching traffic.
>>
>> You might want to try to set the 'setageingtime' to 0 so the bridge code
>> does not remember MAC addresses and acts as a dumb hub instead of a
>> switch.

I did some testing with the bridge ageing time.

Firstly, the brctl man page contains a mistake: the command is
"setageing", not "setageingtime".

Secondly, when the ageing time is set to zero, locally generated frames
and incoming frames with the destination MAC address different from any
of the bridge's own MAC addresses are forwarded on all ports, but
incoming frames with the destination address equal to one of the
bridge's own MAC addresses are not forwarded on all ports. That was
expected: the bridge permanently knows these addresses are its own, even
when the aging time is 0. So it does not completely turn the bridge into
a dumb hub. You can "mirror" outgoing frames on the other port, but not
all incoming frames and specifically not PPPoE frames sent to the bridge
MAC address, if that is what you are interested in.

>>> Does that use the 'TEE' target, or what?
>>
>> Instead of a bridge, you mean? TEE works on IPv4 packets, so it is not
>> possible to wiretap PPPoE traffic, only the IPv4 traffic within before it
>> enters or after it leaves the PPP interface.
[...]
> I just want to be able to take all packets coming in or going out the
> DSL interface and copy them onto an Ethernet interface, for sniffing.
>
> Too bad there's no easy way to do this with netfilter.

What are you interested in exactly? The whole PPPoE frames with Ethernet
and PPPoE headers, LCP and IPCP packets and so on, or only the IP packets
in the PPP session? If you are only interested in the IP packets, then
TEE may be an option instead of a bridge for both incoming and outgoing
traffic, although it is not included in the standard kernel AFAIK.
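
The forwarding behaviour reported in the message above, as a small Python model added here as an example (it is not code from the thread or from the kernel bridge driver). The port name eth1 and all MAC addresses are constructed; eth0 is the sniffer port from the thread.

```python
from dataclasses import dataclass, field

LOCAL = "local"  # pseudo-port: frame is delivered to the bridge host itself

@dataclass
class Bridge:
    ports: dict                              # port name -> the port's own MAC
    ageing: float = 300.0                    # seconds a learned entry stays valid
    fdb: dict = field(default_factory=dict)  # learned MAC -> (port, time learned)

    def _lookup(self, mac, now):
        entry = self.fdb.get(mac)
        # With ageing == 0 this test never succeeds: nothing stays learned.
        if entry and now - entry[1] < self.ageing:
            return entry[0]
        return None

    def receive(self, in_port, src, dst, now):
        """Ports an incoming frame is sent to."""
        self.fdb[src] = (in_port, now)
        if dst in self.ports.values():
            return {LOCAL}                   # own addresses are permanent, never aged
        out = self._lookup(dst, now)
        if out is not None:
            return set() if out == in_port else {out}
        return set(self.ports) - {in_port}   # unknown destination: flood

    def send_local(self, dst, now):
        """Ports a frame generated by the bridge host goes out on."""
        out = self._lookup(dst, now)
        return {out} if out is not None else set(self.ports)

def demo():
    # Constructed sample: eth0 = sniffer port, eth1 = port facing the DSL modem.
    ports = {"eth0": "02:00:00:00:00:10", "eth1": "02:00:00:00:00:11"}
    modem, bridge_mac = "02:00:00:00:00:aa", ports["eth1"]
    results = {}
    for ageing in (300.0, 0.0):
        br = Bridge(dict(ports), ageing)
        br.receive("eth1", modem, "ff:ff:ff:ff:ff:ff", now=0.0)  # modem is learned
        results[ageing] = (
            br.send_local(modem, now=1.0),                   # outgoing PPPoE frame
            br.receive("eth1", modem, bridge_mac, now=2.0),  # incoming PPPoE frame
        )
    return results

if __name__ == "__main__":
    print(demo())
```

With ageing 0 the outgoing frame reaches the sniffer port as well, while the incoming frame addressed to the bridge's own MAC is only delivered locally, which is the asymmetry the message describes.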