michapdm
asked on
no sniffing on a Linux dot1q vlan bridged Interface
I built a network transparent Firewall with 2 bridges Interface (1 in Resever), this bridged Interface is passing a trunk (dot1q) with 4 Vlans,
So if I start a network scanner for Example tcpdump I only see Broadcaast and muticast Traffic,
tcpdump -i eth1.xx -vv
tcpdump: WARNING: eth1.xx: no IPv4 address assigned
tcpdump: listening on eth1.xx, link-type EN10MB (Ethernet), capture size 65535 bytes
10:57:18.117847 STP 802.1d, Config, Flags [none], bridge-id 8010.10:8c:cf:bb:f4:00.802
message-age 3.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
root-id 1010.c4:7d:4f:81:d5:c0, root-pathcost 6009
10:57:18.379476 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.x.x.x tell 172.x.x.x., length 46
10:57:19.270406 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.x.x.x tell 172.x.x.x , length 46
10:57:19.271341 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 17x.x.x.x tell 17x.x.x.x, length 46
10:57:20.115109 STP 802.1d, Config, Flags [none], bridge-id 8010.10:8c:cf:bb:f4:00.802
message-age 3.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
root-id 1010.c4:7d:4f:81:d5:c0, root-pathcost 6009
^C10:57:20.274478 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.x.x.x tell 172.x.x.x, length 46
8 packets captured
558 packets received by filter
520 packets dropped by kernel
root@s****:~#
--------------------------
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere state INVALID
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
root@sixxxxxx:~#
Have tcpdump Problems to see inside dot1q Frames?
So if I start a network scanner for Example tcpdump I only see Broadcaast and muticast Traffic,
tcpdump -i eth1.xx -vv
tcpdump: WARNING: eth1.xx: no IPv4 address assigned
tcpdump: listening on eth1.xx, link-type EN10MB (Ethernet), capture size 65535 bytes
10:57:18.117847 STP 802.1d, Config, Flags [none], bridge-id 8010.10:8c:cf:bb:f4:00.802
message-age 3.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
root-id 1010.c4:7d:4f:81:d5:c0, root-pathcost 6009
10:57:18.379476 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.x.x.x tell 172.x.x.x., length 46
10:57:19.270406 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.x.x.x tell 172.x.x.x , length 46
10:57:19.271341 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 17x.x.x.x tell 17x.x.x.x, length 46
10:57:20.115109 STP 802.1d, Config, Flags [none], bridge-id 8010.10:8c:cf:bb:f4:00.802
message-age 3.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
root-id 1010.c4:7d:4f:81:d5:c0, root-pathcost 6009
^C10:57:20.274478 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.x.x.x tell 172.x.x.x, length 46
8 packets captured
558 packets received by filter
520 packets dropped by kernel
root@s****:~#
--------------------------
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere state INVALID
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
root@sixxxxxx:~#
Have tcpdump Problems to see inside dot1q Frames?
ASKER
Thanks for the Hint, but I realized that the Problem must be by the spanningtree off the bridge, or a maled bridgeConfigurationen,
here is my bridge Configuration
#! /bin/bash
modprobe 8021q
ifconfig eth0 0.0.0.0 promisc up
ifconfig eth1 0.0.0.0 promisc up
ifconfig eth3 0.0.0.0 promisc up
vconfig add eth0 16
vconfig add eth0 18
vconfig add eth0 24
vconfig add eth0 103
vconfig add eth1 16
vconfig add eth1 18
vconfig add eth1 24
vconfig add eth1 103
vconfig add eth3 16
vconfig add eth3 18
vconfig add eth3 24
vconfig add eth3 103
echo "bridging eth0"
ifconfig eth0.16 up
ifconfig eth0.16 mtu 1496
ifconfig eth0.16 0.0.0.0 promisc up
ifconfig eth0.18 up
ifconfig eth0.18 mtu 1496
ifconfig eth0.18 0.0.0.0 promisc up
ifconfig eth0.24 up
ifconfig eth0.24 mtu 1496
ifconfig eth0.24 0.0.0.0 promisc up
ifconfig eth0.103 up
ifconfig eth0.103 mtu 1496
ifconfig eth0.103 0.0.0.0 promisc up
echo "bridging eth1"
ifconfig eth1.16 up
ifconfig eth1.16 mtu 1496
ifconfig eth1.16 0.0.0.0 promisc up
ifconfig eth1.18 up
ifconfig eth1.18 mtu 1496
ifconfig eth1.18 0.0.0.0 promisc up
ifconfig eth1.24 up
ifconfig eth1.24 mtu 1496
ifconfig eth1.24 0.0.0.0 promisc up
ifconfig eth1.103 up
ifconfig eth1.103 mtu 1496
ifconfig eth1.103 0.0.0.0 promisc up
echo "bridging eth3"
ifconfig eth3.16 up
ifconfig eth3.16 mtu 1496
ifconfig eth3.16 0.0.0.0 promisc up
ifconfig eth3.18 up
ifconfig eth3.18 mtu 1496
ifconfig eth3.18 0.0.0.0 promisc up
ifconfig eth3.24 up
ifconfig eth3.24 mtu 1496
ifconfig eth3.24 0.0.0.0 promisc up
ifconfig eth3.103 up
ifconfig eth3.103 mtu 1496
ifconfig eth3.103 0.0.0.0 promisc up
echo "Ende bridging Interfaces"
echo "Start bridges anlegen"
brctl addbr br0
brctl addif br0 eth0.16
brctl addif br0 eth1.16
brctl addif br0 eth3.16
brctl addbr br1
brctl addif br1 eth0.18
brctl addif br1 eth1.18
brctl addif br1 eth3.18
brctl addbr br2
brctl addif br2 eth0.24
brctl addif br2 eth1.24
brctl addif br2 eth3.24
brctl addbr br3
brctl addif br3 eth0.103
brctl addif br3 eth1.103
brctl addif br3 eth3.103
echo "Ende anlegen bridges"
echo "bridges hochfahren"
ifconfig br0 up
ifconfig br0 0.0.0.0 promisc up
ifconfig br1 up
ifconfig br1 0.0.0.0 promisc up
ifconfig br2 up
ifconfig br2 0.0.0.0 promisc up
ifconfig br3 up
ifconfig br3 0.0.0.0 promisc up
echo "Ende bridge hochfahren"
--------------------------
xxxxxxxxxxxxxxt:~# ifconfig -a
br0 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:1645806 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:91099458 (86.8 MiB) TX bytes:0 (0.0 B)
br1 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:114380 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:5742719 (5.4 MiB) TX bytes:0 (0.0 B)
br2 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:113967 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:5698350 (5.4 MiB) TX bytes:0 (0.0 B)
br3 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:345163 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:18425150 (17.5 MiB) TX bytes:0 (0.0 B)
eth0 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b0
UP BROADCAST PROMISC MULTICAST MTU:1500 Metrik:1
RX packets:0 errors:95956 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:16 Basisadresse:0xd800
eth1 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b3
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2675879 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:186480117 (177.8 MiB)
Interrupt:17 Basisadresse:0xd880
#eth2 Management IP
eth2 Link encap:Ethernet Hardware Adresse 00:13:72:97:a1:eb
inet Adresse:172.x.x.x Bcast:172.x.x.x Maske:255.x.x.x
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX packets:14226 errors:0 dropped:0 overruns:0 frame:0
TX packets:3410 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:3115462 (2.9 MiB) TX bytes:1418366 (1.3 MiB)
Interrupt:16
#eth2 Management for Snort Webinterface
eth3 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metrik:1
RX packets:2254583 errors:0 dropped:0 overruns:0 frame:0
TX packets:456630 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:155816954 (148.5 MiB) TX bytes:23744760 (22.6 MiB)
Interrupt:18 Basisadresse:0x8f00
eth0.16 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b0
UP BROADCAST PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0.18 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b0
UP BROADCAST PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0.24 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b0
UP BROADCAST PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0.103 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b0
UP BROADCAST PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth1.16 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b3
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:1759938 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:127115202 (121.2 MiB)
eth1.18 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b3
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:228538 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:14194407 (13.5 MiB)
eth1.24 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b3
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:228124 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:14142548 (13.4 MiB)
eth1.103 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b3
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:459279 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:31027960 (29.5 MiB)
eth3.16 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:1645813 errors:0 dropped:0 overruns:0 frame:0
TX packets:114160 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:91099994 (86.8 MiB) TX bytes:5936320 (5.6 MiB)
eth3.18 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:114387 errors:0 dropped:0 overruns:0 frame:0
TX packets:114158 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:5743069 (5.4 MiB) TX bytes:5936216 (5.6 MiB)
eth3.24 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:113974 errors:0 dropped:0 overruns:0 frame:0
TX packets:114157 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:5698700 (5.4 MiB) TX bytes:5936164 (5.6 MiB)
eth3.103 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:345170 errors:0 dropped:0 overruns:0 frame:0
TX packets:114155 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:18460222 (17.6 MiB) TX bytes:5936060 (5.6 MiB)
lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metrik:1
RX packets:53 errors:0 dropped:0 overruns:0 frame:0
TX packets:53 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:3410 (3.3 KiB) TX bytes:3410 (3.3 KiB)
xxxx:~#
--------------------------
How can I check the Spanningtree by linux Maschines?
here is my bridge Configuration
#! /bin/bash
modprobe 8021q
ifconfig eth0 0.0.0.0 promisc up
ifconfig eth1 0.0.0.0 promisc up
ifconfig eth3 0.0.0.0 promisc up
vconfig add eth0 16
vconfig add eth0 18
vconfig add eth0 24
vconfig add eth0 103
vconfig add eth1 16
vconfig add eth1 18
vconfig add eth1 24
vconfig add eth1 103
vconfig add eth3 16
vconfig add eth3 18
vconfig add eth3 24
vconfig add eth3 103
echo "bridging eth0"
ifconfig eth0.16 up
ifconfig eth0.16 mtu 1496
ifconfig eth0.16 0.0.0.0 promisc up
ifconfig eth0.18 up
ifconfig eth0.18 mtu 1496
ifconfig eth0.18 0.0.0.0 promisc up
ifconfig eth0.24 up
ifconfig eth0.24 mtu 1496
ifconfig eth0.24 0.0.0.0 promisc up
ifconfig eth0.103 up
ifconfig eth0.103 mtu 1496
ifconfig eth0.103 0.0.0.0 promisc up
echo "bridging eth1"
ifconfig eth1.16 up
ifconfig eth1.16 mtu 1496
ifconfig eth1.16 0.0.0.0 promisc up
ifconfig eth1.18 up
ifconfig eth1.18 mtu 1496
ifconfig eth1.18 0.0.0.0 promisc up
ifconfig eth1.24 up
ifconfig eth1.24 mtu 1496
ifconfig eth1.24 0.0.0.0 promisc up
ifconfig eth1.103 up
ifconfig eth1.103 mtu 1496
ifconfig eth1.103 0.0.0.0 promisc up
echo "bridging eth3"
ifconfig eth3.16 up
ifconfig eth3.16 mtu 1496
ifconfig eth3.16 0.0.0.0 promisc up
ifconfig eth3.18 up
ifconfig eth3.18 mtu 1496
ifconfig eth3.18 0.0.0.0 promisc up
ifconfig eth3.24 up
ifconfig eth3.24 mtu 1496
ifconfig eth3.24 0.0.0.0 promisc up
ifconfig eth3.103 up
ifconfig eth3.103 mtu 1496
ifconfig eth3.103 0.0.0.0 promisc up
echo "Ende bridging Interfaces"
echo "Start bridges anlegen"
brctl addbr br0
brctl addif br0 eth0.16
brctl addif br0 eth1.16
brctl addif br0 eth3.16
brctl addbr br1
brctl addif br1 eth0.18
brctl addif br1 eth1.18
brctl addif br1 eth3.18
brctl addbr br2
brctl addif br2 eth0.24
brctl addif br2 eth1.24
brctl addif br2 eth3.24
brctl addbr br3
brctl addif br3 eth0.103
brctl addif br3 eth1.103
brctl addif br3 eth3.103
echo "Ende anlegen bridges"
echo "bridges hochfahren"
ifconfig br0 up
ifconfig br0 0.0.0.0 promisc up
ifconfig br1 up
ifconfig br1 0.0.0.0 promisc up
ifconfig br2 up
ifconfig br2 0.0.0.0 promisc up
ifconfig br3 up
ifconfig br3 0.0.0.0 promisc up
echo "Ende bridge hochfahren"
--------------------------
xxxxxxxxxxxxxxt:~# ifconfig -a
br0 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:1645806 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:91099458 (86.8 MiB) TX bytes:0 (0.0 B)
br1 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:114380 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:5742719 (5.4 MiB) TX bytes:0 (0.0 B)
br2 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:113967 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:5698350 (5.4 MiB) TX bytes:0 (0.0 B)
br3 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:345163 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:18425150 (17.5 MiB) TX bytes:0 (0.0 B)
eth0 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b0
UP BROADCAST PROMISC MULTICAST MTU:1500 Metrik:1
RX packets:0 errors:95956 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:16 Basisadresse:0xd800
eth1 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b3
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2675879 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:186480117 (177.8 MiB)
Interrupt:17 Basisadresse:0xd880
#eth2 Management IP
eth2 Link encap:Ethernet Hardware Adresse 00:13:72:97:a1:eb
inet Adresse:172.x.x.x Bcast:172.x.x.x Maske:255.x.x.x
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX packets:14226 errors:0 dropped:0 overruns:0 frame:0
TX packets:3410 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:3115462 (2.9 MiB) TX bytes:1418366 (1.3 MiB)
Interrupt:16
#eth2 Management for Snort Webinterface
eth3 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metrik:1
RX packets:2254583 errors:0 dropped:0 overruns:0 frame:0
TX packets:456630 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:155816954 (148.5 MiB) TX bytes:23744760 (22.6 MiB)
Interrupt:18 Basisadresse:0x8f00
eth0.16 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b0
UP BROADCAST PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0.18 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b0
UP BROADCAST PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0.24 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b0
UP BROADCAST PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0.103 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b0
UP BROADCAST PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth1.16 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b3
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:1759938 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:127115202 (121.2 MiB)
eth1.18 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b3
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:228538 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:14194407 (13.5 MiB)
eth1.24 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b3
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:228124 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:14142548 (13.4 MiB)
eth1.103 Link encap:Ethernet Hardware Adresse 00:40:9f:30:11:b3
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:459279 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:0 (0.0 B) TX bytes:31027960 (29.5 MiB)
eth3.16 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:1645813 errors:0 dropped:0 overruns:0 frame:0
TX packets:114160 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:91099994 (86.8 MiB) TX bytes:5936320 (5.6 MiB)
eth3.18 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:114387 errors:0 dropped:0 overruns:0 frame:0
TX packets:114158 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:5743069 (5.4 MiB) TX bytes:5936216 (5.6 MiB)
eth3.24 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:113974 errors:0 dropped:0 overruns:0 frame:0
TX packets:114157 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:5698700 (5.4 MiB) TX bytes:5936164 (5.6 MiB)
eth3.103 Link encap:Ethernet Hardware Adresse 00:15:e9:f0:28:de
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1496 Metrik:1
RX packets:345170 errors:0 dropped:0 overruns:0 frame:0
TX packets:114155 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:18460222 (17.6 MiB) TX bytes:5936060 (5.6 MiB)
lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metrik:1
RX packets:53 errors:0 dropped:0 overruns:0 frame:0
TX packets:53 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:
RX bytes:3410 (3.3 KiB) TX bytes:3410 (3.3 KiB)
xxxx:~#
--------------------------
How can I check the Spanningtree by linux Maschines?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Good
Well Iptables are open so that's not the problem.
You should use iptables with 'any' or with 'eth0:vlan' interface instead the physical 'eth0'
Something like this should do the work
# iptables -i any -v
Once you see the traffic, then can try with other filters.
-regards-