John <firstname.lastname@example.org> writes:
|----- Forwarded message from John <email@example.com> -----
|Date: Mon, 15 Dec 2003 17:58:15 -0600
|From: John <firstname.lastname@example.org>
|Subject: interface bonding
|Is there any way to bond sniffer interfaces?
|I've read a little on netgraph and it seems
|like i maybe able to use that but i'm not sure
|how to go about that.
|Basicly the end result is to have snort listen on
|a virtual interface, which will have data sent to
|it from say fxp0 and fxp1. I also want to make sure that
|data from fxp0, fxp1 or $VIRTUAL doesn't get sent out
|fxp1 or fxp0 for some reason.
|----- End forwarded message -----
|I'm sure i checked this before, but a google search turned up this.
|ngctl mkpeer fec dummy fec
|ngctl msg fec0: add_iface '"sf2"'
|ngctl msg fec0: add_iface '"sf3"'
|ngctl msg fec0: set_mode_inet
|ifconfig sf2 promisc
|ifconfig sf3 promisc
|ifconfig fec0 promisc
|after this fec0 will be the virtual if that gets the frames.
|This does depend on the fec module.
|# cd /usr/src/sys/modules/netgraph/fec/
|# make && make install
|http://taosecurity.blogspot.com/ <- this is where i found it.
|which points out this poster.
|So is there a reason the netgraph fec module isn't built by default?
Yes. It's not very stable. Better use ng_one2many.
|email@example.com mailing list
|To unsubscribe, send any mail to
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.