listening on multiple interfaces
Chris Russel
russel at yorku.ca
Tue Apr 30 17:48:03 EDT 2002
I'm doing exactly this in fact - running bonding driver with inputs from
shomiti tap. It seems to work okay, although note that the slave devices
have to be in promisc mode in addition to the bonding device or you'll get
no packets at all. (makes sense I suppose but didn't occur to me right away)
On Tue, 30 Apr 2002, Peter Van Epp wrote:
> Two machines each with tcpdump on a single interface connected to the
> Shomiti is what I've used in the past to do such things with tcpreplay (i.e.
> be able to play back an FDX stream). If you need a single tcpdump file with
> both sides, I expect a channel bonded Linux box would do the trick (i.e two
> hundred NICs channel bonded together and fed to tcpdump is reputed to work
> although I haven't yet tried it myself). If you also want/need to play it back
> there are mods to do such for tcpreplay (and tcpreplay itself) on ftp.sfu.ca
> in /pub/unix/tcpreplay .
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
> >
> >
> > Hi Folks,
> >
> > I've gotten used to argus' ability to listen on multiple ports on the same
> > machine. (we use the Shomiti Century taps which have 2 outputs, one for TX and
> > one for RX.)
> > Is anyone aware of a tool that can write tcpdump formatted output files but
> > capture from two interfaces simultaneously? Failing that, I guess I could use
> > or write a tool to multiplex two seperate tcpdump streams together..
> >
> > Any ideas?
> >
> > I need to capture some streams for analysis and the only format my tools
> > understand is tcpdump capture files.
> >
> > Thanks..
> >
> >
> > -JEff
> >
> >
>
--
Chris Russel | CNS Information Security
russel at yorku.ca | York University, Toronto, Canada
More information about the argus
mailing list