I cannot see any traffic on bridge0 with "tcpdump -i bridge0", so that's why I don't see any alerts on snort.
My physical interfaces are already configured and have their own IP addresses. I need to assign different IPs to all 3 cards (LAN, WAN1, WAN2). And here is what I run on the command line to create a bridge interface (to use as a pseudo interface on the snort command line for monitoring):

    ifconfig bridge0 create
    brconfig bridge0 add vr0 add rl0 add nfe0 up

Am I not supposed to see the traffic on all of the physical interfaces (vr0, fxp0, nfe0) using tcpdump on bridge0? (I've tried with pf disabled too.) Perhaps this is not possible at all with bridge interfaces? If so, how do I achieve such a monitoring interface? Any comments please?

(Please note: this issue is important to be able to run only a single instance of snort on multiple NICs. Otherwise, 3 instances of snort really stretch the shared memory.)