
List:       l7-filter-developers
Subject:    Re: [l7-filter-developers] Analyze Traffic without inserting pc directly
From:       lonely wolf <wolfy () pcnet ! ro>
Date:       2006-02-02 9:33:07
Message-ID: 43E1D1D3.2070104 () pcnet ! ro

Dez Cadena wrote:     

>>> You have your bridge with 2 interfaces: one interface receiving the
>>> traffic to be analysed and another interface (that supposedly is used
>>> to "exit" traffic). Is that interface connected to some switch or
>>> anything else? I'm asking that because I had a similar problem. I had to
>>> connect that interface to a switch's active port in order for the
>>> traffic to "pass through".
>>
>> I've connected the "exit"-Interface to another empty switch. To get
>> the traffic to go through the bridge, I have to connect the interface
>> to the same switch in the same VLAN, is it right? But then, it will
>> give loops and it wouldn't be useable, I think...
>
> You don't need to connect the "bridge-out" interface to the same 
> switch/VLAN etc. You just need to connect
> it to an *active* port on any switch. In one of the tests that I did, 
> I *had* to connect it to the same switch (just because
> of switch shortage), so in order for the traffic to stop at the 
> switch's interface, I had to apply an ACL on that port.
>
> In another case, I had a spare switch, so I connected the "bridge-out" 
> interface to an active port on that switch.
> Keep in mind that the switch was *not* connected anywhere else,  it 
> was just a dummy switch.

I guess the basic idea is that the Ethernet driver would notice when the 
interface is not connected to anything, so the kernel would simply skip 
any analysis which would imply that interface (if the interface is down, 
there is no traffic through it, so why analyze, right?)
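
An added example, not part of the original message: a shell function that reports which ports of a Linux bridge currently have no link, which is the condition the thread is discussing. It assumes the standard Linux sysfs layout (`class/net/<bridge>/brif/` and the per-interface `carrier` and `operstate` files); the bridge name `br0` in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: list the ports of a bridge that have no link (carrier).
# The sysfs root is a parameter so the function can also be pointed at a
# constructed directory tree; on a live Linux host it is /sys.
#
# Usage: ports_without_carrier BRIDGE [SYSFS_ROOT]
#   e.g. ports_without_carrier br0        (br0 is a placeholder name)
# Prints one line per port whose carrier is not "1"; returns 2 if the
# bridge does not exist.
ports_without_carrier() {
    bridge=$1
    sysfs=${2:-/sys}
    brif="$sysfs/class/net/$bridge/brif"
    if [ ! -d "$brif" ]; then
        echo "no such bridge: $bridge" >&2
        return 2
    fi
    for port in "$brif"/*; do
        [ -e "$port" ] || continue      # bridge has no ports at all
        name=${port##*/}
        ifdir="$sysfs/class/net/$name"
        # Reading "carrier" fails when the interface is administratively
        # down, so treat a failed read as "down" rather than aborting.
        carrier=$(cat "$ifdir/carrier" 2>/dev/null) || carrier=down
        state=$(cat "$ifdir/operstate" 2>/dev/null) || state=unknown
        [ "$carrier" = 1 ] || echo "$name carrier=$carrier operstate=$state"
    done
}

# Run directly with a bridge name to check a live system.
if [ $# -gt 0 ]; then
    ports_without_carrier "$@"
fi
```

A port listed here is the "bridge-out" case from the thread: an interface with nothing active on the other end of the cable.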


