Reading raw ethernet
Julian Elischer
julian at elischer.org
Sat Aug 20 05:30:41 GMT 2005
Paul Khavkine wrote:
> On Fri, 19 Aug 2005, Julian Elischer wrote:
>
>
>>Paul Khavkine wrote:
>>
>>>Hi guys.
>>>
>>>
>>>I'm writing a small program to read raw ethernet frames out of netgraph
>>>to capture Spannign Tree packets from the switch.
>>>
>>>Is it possible to pick up STP frames without putting the interface in
>>>promiscuous mode ?
>>
>>If you don't put it in promiscuous mode, then you will only see broadcast
>>packets and packets aimed at you specifically.
>>
>>If that's enough then there is nothing in netgraph that insists that
>>you turn on promiscuous mode.
>
>
> Well STP packets are sent to a well known MAC address (multicast?)
> so i can't see it if the card is not in promisc mode.
Well it might be a multicast address.
I'm not an expert on multicast.. I've never really used it.
I think that it depends on what hardware you have as to how it deals with M/C.
> I'm not exactly sure if it's good or not to leave it in promisc mode
> all the time, is there any security/performance issues with that on a
> busy server?
some.. usually though the switch is only going to send you packets
you might want to receive anyhow..
> I want to read STP packets to monitor the link with the switch, if i can't
> hear the switch for X amount oof time, failover to another NIC.
> Is it possible to have more then one MAC on a NIC ? I have bge and em
> cards.
I've never heard of it..
>
>
>>You should probably look at the ng_etf node too BTW.
>
>
> How does ng_etf deal with that ?
no, but as an example of something that is designed to be attached directly
to the ng_ether nodes.
>
More information about the freebsd-net
mailing list