Re: Port Mirroring in Linux
- From: Pascal Hambourg <boite-a-spam@xxxxxxxxxxxxxxx>
- Date: Wed, 31 Oct 2007 10:41:13 +0100
Hello,
David Schwartz a écrit :
On Oct 30, 5:07 am, jeniffer <zenith.of.perfect...@xxxxxxxxx> wrote:
I need a behavior where I say that all packets coming and going on an
interface X must be given to another interface Y.
That's what a bridge does. As you said above, it looks at its table's
entry and decides which interfaces to forward a packet to.
You are saying:
1) A bridge takes a packet and forwards it onto the appropriate
interfaces.
2) I want to take packets and forward them to appropriate interfaces.
But I'm afraid that the OP and a bridge have a slightly different idea of what "appropriate interfaces" is. To a bridge, it is interfaces that have seen incoming traffic from the destination MAC address, or all interfaces if the destination is unknown or broadcast (I skip the multicast case). To the OP, it is the same *plus* the mirroring interface.
3) I don't want a bridge.
You do realize that bridges frequently send the same packet to more
than one destination. Consider the obvious case where the bridge has
never seen a packet with that destination MAC before. Consider an ARP
request.
What you want is what bridges do.
I do not think that the vanilla Linux bridge code can do what the OP wants. I guess it could if learning could be disabled, so the bridge floods all traffic on all interfaces.
.
- Follow-Ups:
- Re: Port Mirroring in Linux
- From: David Schwartz
- Re: Port Mirroring in Linux
- References:
- Port Mirroring in Linux
- From: jeniffer
- Re: Port Mirroring in Linux
- From: david
- Re: Port Mirroring in Linux
- From: jeniffer
- Re: Port Mirroring in Linux
- From: David Schwartz
- Port Mirroring in Linux
- Prev by Date: Re: Troubleshooting connection loss (novice question)
- Next by Date: Help Needed!!!!
- Previous by thread: Re: Port Mirroring in Linux
- Next by thread: Re: Port Mirroring in Linux
- Index(es):
Relevant Pages
|
