[Snort-users] Kernel complaint about MAC being seen on multiple interfaces
tsevy at ...1701...
Wed Apr 4 07:37:50 EDT 2001
I also posted this to comp.unix.bsd.freebsd.misc but have not seen any
responses yet, hoping someone here may have an answer.
FreeBSD 4.2-Release, setup as Snort to monitor on four different NICs.
One NIC has an IP assigned to it (tl0), and three others (dc0, dc1, dc2) are
set to up, but *no
IP address* on them (confirmed with ifconfig). This is done because each
goes into a catalyst switch with port monitoring (port mirror or span)
setup on the same subnet.
Syslog is showing that a given MAC is being seen by three NICs. This MAC
belongs to an Alteon Web Switch. It is the hard IP/MAC and not the Virtual
IP/MAC. Is it safe to ignore this? Of is there anything that can be
configured in the kernel to ignore this scenario?
More information about the Snort-users