Hi,
I've installed OpenBSD as a bridge to allow network monitoring for my
network. So, I put 3 network cards inside the box. Two cards are
actually part of the bridge. The third one is a spanport that takes all
the traffic from the bridge. The purpose is to listen on the spanport
from another OpenBSD box with snort. From the machine itself, I can do a
tcpdump on the spanport and I see traffic ... However, from the other
box that listens, there is nothing. I have connected a straight cable on
that interface from the other box.
Questions:
1. What would be the state of the interface that listens on the second box?
2. Does the interface (on the second box) needs to be in a promisc mode?
How can I do that with Open?
Here is the configs of the OpenBSD/Bridge:
/etc/bridgename.bridge0
--------------------------------------------
add ne3
add ep1
addspan xl0 -----------------> The interface where the second box is
connected.
up
--------------------------------------------
Thanks,
Mik
