Hi, I am setting up a freebsd box to act as a snort sensor on my network. The box has three nics, one internal nic for talking on the network, and two nics on a single pci card that receive a TX and RX SPAN port from my switch, respectively. I am trying to bind the two adapters on the freebsd box so I have one virtual adapter that snort can listen to.
I have been researching netgraph for some time and the script I have been using to configure the adapters is:
However when I run the script I get:
Now 'ngeth0' appears in ifconfig:
but when I TCPDUMP from it it never records any packets even though I know the span ports are sending the individual NICs data.
I have been googling the error messages that are returned by the bonding script but have been unable to make any progress. Any advice or tips would be greatly appreciated. Thank you!
I have been researching netgraph for some time and the script I have been using to configure the adapters is:
Code:
#!/bin/sh
echo "Trying kldload ng_ether..."
kldload ng_ether
echo "Putting dual adapters into promisc mode..."
ifconfig em0 promisc -arp up
ifconfig em1 promisc -arp up
echo "Trying mkpeer . eiface hook ether"
ngctl mkpeer . eiface hook ether
echo "Trying mkpeer ngeth0: one2many lower one"
ngctl mkpeer ngeth0: one2many lower one
echo "Trying ngctl connect em0: ngeth0: lower lower many0"
ngctl connect em0: ngeth0:lower lower many0
echo "Trying ngctl connect em1: ngeth0: lower lower many1"
ngctl connect em1: ngeth0:lower lower many1
echo "Tryinh ifconfig ngeth0 -arp up"
ifconfig ngeth0 -arp up
Code:
Trying kldload ng_ether...
Putting dual adapters into promisc mode...
Trying mkpeer . eiface hook ether
Trying mkpeer ngeth0: one2many lower one
[B]ngctl: send msg: Protocol family not supported[/B]
Trying ngctl connect em0: ngeth0: lower lower many0
[B]ngctl: send msg: No such file or directory[/B]
Trying ngctl connect em1: ngeth0: lower lower many1
[B]ngctl: send msg: No such file or directory[/B]
Tryinh ifconfig ngeth0 -arp up
Code:
ngeth0: flags=88c3<UP,BROADCAST,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:00:00:00:00:00but when I TCPDUMP from it it never records any packets even though I know the span ports are sending the individual NICs data.
I have been googling the error messages that are returned by the bonding script but have been unable to make any progress. Any advice or tips would be greatly appreciated. Thank you!