[Zeek] Using af_packet in a host with two nics
Patrick P Murphy
pmurphy+bro at nrao.edu
Tue Jan 29 12:36:27 PST 2019
On Tue, 29 Jan 2019 19:09:41 +0000, Carlos Lopez <clopmz at outlook.com> said:
> On 29/01/2019, 19:37, "Patrick P Murphy" <pmurphy at nrao.edu> wrote:
PM> Carlos Lopez <clopmz at outlook.com> writes:
CL> Uhmm ... I have changed my config to:
CL> [prod-ids]
CL> type=worker
CL> host=172.22.58.2
CL> interface=af_packet::eth2
CL> af_packet_fanout_id=5
CL> #
CL> [dmz-ids]
CL> type=worker
CL> host=172.22.58.2
CL> interface=af_packet::eth3
CL> af_packet_fanout_id=10
PM> This may be a totally dumb/naive question, but... why do the
PM> interfaces have the same IP address?
CL> Because this host has two network interfaces ....
I have many such boxes (for other purposes). Each interface has a
unique IP address, and associated hostnames, e.g.,
    polaris      for XXX.XXX.115.101  on interface em1
    polaris-10g  for YYY.YYY.3.13     on interface p5p1
Even if the two interfaces are on the same VLAN (they are not in my
example) I would think you want separate IP addresses for them.
- Pat
--
Patrick P. Murphy, Ph.D. https://www.nrao.edu/~pmurphy/
Info Services Site Manager NRAO Information Security Officer