I am in the process of adding a machine running Snort to my network and I am having problems getting it to work correctly. My problem is that I bought a network tap (Finisar UTP/1) and have connected the ports (A and B) to the link in between my internet router and firewall. I then connected the tap ports to 2 different nics on a machine running 4.6 and Snort 1.9.0. Now the problem is that snort will only watch one interface so i cant tell it to watch both directions of traffic. I believe that there is a way to use netgraph to bind the 2 interfaces connected to the network tap together so that I can use snort to monitor both directions of traffic, but Im not too sure on how to do it. I have tried using nf_fec and ng_one2many, but i have had no luck with either one. So my question is this: Does anyone know of a way to bind 2 nics together so that I can use Snort to monitor ALL traffic coming in on both of them? If it matters, I am not assigning an ip address to the nics either. Thanks in advance.
To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
