Jason J. W. Williams wrote: >> Thanks James. I need to sniff traffic on this bridge, but using it as port >> mirror or span port. For example, if I create a bridge with bge0, bge1, and >> bge2, I need to "see" all traffic that cross these interfaces, not only, for >> example, bge0 ... That's the problem. > > I've always used tcpdump on both Linux and OpenIndiana/Solaris for > that...one session per interface: > > tcpdump -i bge0 -s0 -w /tmp/bge0.pcap & > tcpdump -i bge1 -s0 -w /tmp/bge1.pcap & > tcpdump -i bge2 -s0 -w /tmp/bge2.pcap &
You don't need to do that unless you need to keep track of the port on which the packets are seen. If you don't, and you just want a record of all of the traffic, use the existing observability node. A single "tcpdump -i bridgename0 -s0 -w /tmp/bridge.pcap &" should do it. (It'd be nice if the file format[s] were extended to keep track of port as well as inbound/outbound direction and status flags. We had a project in our group to do that back at Sun, but it was never prioritized and thus never finished.) > Are you looking for an easier method? (tcpdump on Linux allows "-i > any" to capture across interfaces but it's not promiscuous capture and > I'm not sure if the Solaris version supports it.) No. -- James Carlson 42.703N 71.076W <carls...@workingcode.com> _______________________________________________ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
