Aggregating many ports into one for tcpdump server.

Andrew Thompson thompsa at
Tue Dec 4 16:32:52 PST 2007

On Tue, Dec 04, 2007 at 04:25:01PM -0800, Peter Losher wrote:
> I am currently working on a tcpdump collector where we have multiple
> feeds coming in (via bge{0-8}).  Since tcpdump can only poll one
> interface per process, I was hoping to aggregate the traffic onto one
> pseudo-interface for tcpdump to hold onto and to poll.
> Looking thru the archives, it seems ng_one2many (in this case
> 'many2one') is what I am looking for.  Am I barking the right tree here?

You can use if_bridge(4) or lagg(4) for this purpose. lagg may be the
easier one to use, add all the ports to the lagg interface and set the
proto to 'loadbalance'. An example for using the bridge is in the
bridging section of the handbook.


More information about the freebsd-net mailing list