On Tue, Aug 27, 2013 at 10:26 PM, John Nielsen <li...@jnielsen.net> wrote: > On Aug 25, 2013, at 5:38 AM, carlopmart <carlopm...@gmail.com> wrote: > >> I need to monitor/sniff network traffic for three subnets (1 GiB nets) and I >> need to do this using a virtual guest under an ESXi 5 host (yes, it is a >> "handicap"). > > Not sure about your questions below, but doesn't ESXi 5 support port > mirroring in the virtual switch? That seems like a better place to do most of > the heavy lifting. You could still attach your FreeBSD instance to the > monitor port(s) for analysis. That would hopefully help at least with a) by > reducing the number of virtual NICs needed. >
Thanks John for your answer, but I can't use distributed switches in this ESXi server because is a standalone server (distributed vswitches are only available when you manage more than tow ESXi servers using clustering features and is the only option to do port mirroring. Using a standalone server you can enable promisc in a vswitch and use an external tap to see all traffic, but that's not the problem actually: I can see all traffic in this freebsd vm). About nics: I can't reduce the number of virtual NICs. I need to use six to monitor six different subnets ... And here is the problem with IRQs. _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
