I don't really know - it's sort of the back of my mind talking here... I seem to remember that there was a kernel patch in the bridge code. If you didn't have that patch, then the packets were grabbed for the bridge before the various filtering and other processes (such as libpcap) saw them. With that patch, the tools saw the packets.
I don't see it in the 'Patch-o-Matic' at http://www.netfilter.org/, not even in obsolete. Googling for libpcap linux bridge didn't find anything obvious. I guess somebody will have to test this. -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Arnt Karlsen Sent: Thursday, August 07, 2003 11:03 AM To: [EMAIL PROTECTED] Subject: Re: [Ntop] ntop port ..does /dev/br0 work now in ntop? I seem to remember winding up with listening to either of the 2 bridge nics thru the 3'rd _non_-bridge nic, which _had_ an ip. ;-) ..to view traffic coming the same way as the firewall sees it, simply watch the bridge's external nic. -- ..med vennlig hilsen = with Kind Regards from Arnt... ;-) ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
