brctl setageing <bridgename> 0
This command tells Linux to forget every MAC address that it sees on
the bridge, making it act as a hub.
Lets say you have a vmbr0 with eth0 and tap0 in it and have a VM started with attached tap0 (or you choose it as vmbr0). If you link eth0 to your switch's mirroring port you wont RX a great deal of the traffic because usually linux bridge acts as switch and does not recognize the VM as endpoint for the traffic.
Above command will give you a way to have a VM that listens a mirrored port (so NIDS could be on VM).
You are welcome!
Няма коментари:
Публикуване на коментар