Ed Greshko wrote:
> Harry Hoffman wrote:
>> Hi Ed,
>> There are 4 interfaces:
>> eth0 -> transport
>> eth1 -> unused
>> eth2 -> sniff
>> eth3 -> sniff
>> eth2,3 are plugged into a fiber tap and each card carries 1 direction
>> of the bidirectional traffic.
>> I would like to combine them to form a single interface for things
>> like tcpdump, tethereal, snort, etc. I don't want eth0,1 to be a part
>> of it.
>
> I see.... Well, I guess I can't help you much. I normally use the
> tcpdump and ethereal with "any" and then filter on the nets of
> interest. For my needs it has been sufficient.

I think that the easiest way to look at eth2 and eth3 interfaces
simultaneously is to use tcpdump with '-i any', and filter out eth0 and
eth1 using tcpdump filter such as 'not (ether dst <MAC_addr_of_eth0> or
ether dst <MAC_addr_of_eth1>)'. You should note that when tcpdump is
capturing packets from 'any' interface it will not switch interfaces into
promiscuous mode. You will not be able to sniff packets when eth2 and
eth3 are not in that mode, because none of the packets from the fiber
tap is addressed to your interfaces. Therefore, you will need to switch
eth2 and eth3 into promiscuous mode manually: 'ifconfig eth2 promisc',
'ifconfig eth3 promisc'.
Alexey Fadyushin
Brainbench MVP for Linux
http://www.brainbench.com
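
The setup described in the reply above, as an added shell example that is not part of the original thread: it puts eth2 and eth3 into promiscuous mode, confirms the flag in sysfs, and builds the exclusion filter from the MAC addresses of eth0 and eth1. The function names, the `--run` switch and reading `/sys/class/net` are assumptions of this example.

```shell
#!/bin/sh
# Added example: prepare a two-NIC fiber-tap capture for 'tcpdump -i any'.
# Interface roles follow the thread: eth0/eth1 excluded, eth2/eth3 sniff.

IFF_PROMISC=0x100   # promiscuous bit in /sys/class/net/<if>/flags

# is_promisc FLAGS_HEX -> exit status 0 if the promiscuous bit is set
is_promisc() {
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# build_exclude_filter MAC... -> "not (ether dst A or ether dst B ...)"
# Same filter shape as quoted in the thread, one term per excluded MAC.
build_exclude_filter() {
    terms=""
    for mac in "$@"; do
        if [ -n "$terms" ]; then terms="$terms or "; fi
        terms="${terms}ether dst $mac"
    done
    printf 'not (%s)' "$terms"
}

# Live run (needs root and the four interfaces): sh tap-capture.sh --run
if [ "${1:-}" = "--run" ]; then
    for ifc in eth2 eth3; do
        # '-i any' does not enable promiscuous mode, so set it by hand
        ifconfig "$ifc" promisc
        is_promisc "$(cat "/sys/class/net/$ifc/flags")" ||
            { echo "$ifc is not in promiscuous mode" >&2; exit 1; }
    done
    filter=$(build_exclude_filter \
        "$(cat /sys/class/net/eth0/address)" \
        "$(cat /sys/class/net/eth1/address)")
    echo "capture filter: $filter" >&2
    exec tcpdump -n -i any "$filter"
fi
```

The filter matches on destination MAC only, so frames sent from eth0 or eth1 still appear in the capture; `ether host` matches either direction.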