    How to see all traffic on all interfaces?

    thompsonm

      Hi, I want to copy all traffic on all interfaces to another one, and have snort listening. Basically I want to create a SPAN port for all interfaces and VLANs on the firewall, because I only want one instance of snort running. I do this on my switch with a SPAN port, I figure there must also be a way to do it in the firewall. I tried creating a bridge, with all the interfaces as members and one unused one as the SPAN port. I must not really understand what a bridge is because I am only able to see broadcast traffic. Is there a way to see all the traffic?

      Derelict (LAYER 8, Netgate)

        a firewall is not a switch.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        thompsonm

          I don't really get it.. I feel like there should be a way to do it. Otherwise I need to have like 3 or 4 instances of snort running. Also on other forums it's hinting at a way of being able to do it with a bridge, I just don't really understand how or what the purpose of a bridge is.

          chpalmer

            @thompsonm:

            I don't really get it.. I feel like there should be a way to do it.

            I just don't really understand how or what the purpose of a bridge is.

            Yes it is possible.

            Think of your standard desktop switch as a bridge. A MAC bridge. You're trying to build a type of managed switch by using pfSense as the OS.

            Triggering snowflakes one by one..
            Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

            thompsonm

              Can you elaborate a little bit? You're not being very clear. I just want to know, in a setup with multiple VLANs, WANs, and multiple physical NICs, is there a way to have only one instance of snort running?

              Derelict (LAYER 8, Netgate)

                No.

                NogBadTheBad

                  @thompsonm:

                  Can you elaborate a little bit? You're not being very clear. I just want to know, in a setup with multiple VLANs, WANs, and multiple physical NICs, is there a way to have only one instance of snort running?

                  Run snort on each parent interface; it picks up all the VLAN traffic.

                  Andy

                  1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

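The practical consequence of the last answer is that the number of IDS instances is set by the number of parent NICs, not by the number of VLANs or assigned interfaces. The following added example (not from the thread or from pfSense itself) collapses a constructed list of pfSense-style interface names onto their parent NICs; it assumes the `parent.tag` VLAN naming pfSense uses (e.g. `igb0.10`), and notes where `vlanN`-style interfaces would need an extra `ifconfig` lookup.

```sh
#!/bin/sh
# Added example, not code from the thread: given FreeBSD/pfSense interface
# names, collapse dot-style VLAN sub-interfaces (igb0.10, igb1.30, ...) onto
# their parent NICs, so an IDS such as snort is started once per parent
# instead of once per VLAN or per assigned interface.
#
# Assumption: VLANs use the "parent.tag" naming pfSense assigns. Interfaces
# created as "vlanN" with "ifconfig vlanN vlandev <parent>" carry no parent in
# their name and would need "ifconfig vlanN | grep vlandev" to resolve it.

# Constructed sample: two physical NICs, several VLANs on each, one non-VLAN
# virtual interface, and a duplicate entry to show de-duplication.
SAMPLE_IFACES="igb0 igb0.10 igb0.20 igb1.30 igb1 ovpns1 igb0.10"

# Print the unique parent interfaces, one per line, in first-seen order.
parent_interfaces() {
    seen=""
    for ifc in "$@"; do
        parent=${ifc%%.*}            # strip ".tag"; plain names are unchanged
        case " $seen " in
            *" $parent "*) ;;        # parent already emitted
            *) seen="$seen $parent"; printf '%s\n' "$parent" ;;
        esac
    done
}

# Number of IDS instances needed: one per parent interface.
count_instances() {
    parent_interfaces "$@" | wc -l | tr -d ' '
}

# Number of interfaces as listed (what one instance per interface would cost).
count_listed() {
    echo "$#"
}

# Usage with the constructed sample.
printf 'interfaces listed:    %s\n' "$(count_listed $SAMPLE_IFACES)"
printf 'IDS instances needed: %s\n' "$(count_instances $SAMPLE_IFACES)"
printf 'bind the IDS to:      %s\n' "$(parent_interfaces $SAMPLE_IFACES | tr '\n' ' ')"
```

On FreeBSD the capture socket on a parent interface sees the 802.1Q-tagged frames of every VLAN configured on it, which is why binding once per parent covers all of its VLANs.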