[OpenIndiana-discuss] Configuring span ports on oi151
James Carlson
carlsonj at workingcode.com
Mon Oct 24 17:35:12 UTC 2011
Jason J. W. Williams wrote:
>> Thanks James. I need to sniff traffic on this bridge, but using it as port
>> mirror or span port. For example, if I create a bridge with bge0, bge1, and
>> bge2, I need to "see" all traffic that cross these interfaces, not only, for
>> example, bge0 ... That's the problem.
>
> I've always used tcpdump on both Linux and OpenIndiana/Solaris for
> that...one session per interface:
>
> tcpdump -i bge0 -s0 -w /tmp/bge0.pcap &
> tcpdump -i bge1 -s0 -w /tmp/bge1.pcap &
> tcpdump -i bge2 -s0 -w /tmp/bge2.pcap &
You don't need to do that unless you need to keep track of the port on
which the packets are seen. If you don't, and you just want a record of
all of the traffic, use the existing observability node. A single
"tcpdump -i bridgename0 -s0 -w /tmp/bridge.pcap &" should do it.
(It'd be nice if the file format[s] were extended to keep track of port
as well as inbound/outbound direction and status flags. We had a
project in our group to do that back at Sun, but it was never
prioritized and thus never finished.)
> Are you looking for an easier method? (tcpdump on Linux allows "-i
> any" to capture across interfaces but it's not promiscuous capture and
> I'm not sure if the Solaris version supports it.)
No.
--
James Carlson 42.703N 71.076W <carlsonj at workingcode.com>
More information about the OpenIndiana-discuss
mailing list