[Snort-devel] VLAN tagging
cmg at ...402...
Wed Mar 26 05:56:26 EST 2003
Keith R Kilby <krkilby at ...1875...> writes:
> I have configured the machine to use the in built 3C905 NIC or the
> Dell Cdock II docking stations NIC again a 3C905.
> The Redhat kernel has been configured to support 802.1Q VLAN tagging
> and works when tested with telnet, HTTP etc. However when I try to
> set up Snort to use the VLAN tag eg eth0.1 or eth1.1 it falls over
> with an error saying it does not recognise the device. I have read
> the archives which suggest that snort does support single depth
It supposts single depth vlanning to the extent that it will take off
the vlan tags on the raw eth0 interface.
Are you sure you shouldn't be using the eth1:1 interface? Not sure
how linux handles that. If you can,
do tcpdump -i eth1:1 -s 65535 -w vlan-eth1:1.cap for a few packets
mail that to me so I could test with it if tcpdump supports it.
Chris Green <cmg at ...402...>
Laugh and the world laughs with you, snore and you sleep alone.
More information about the Snort-devel