Differences

This shows you the differences between two versions of the page.

--- software:linux:duelethernetports [2014/07/21 19:06] – created superwizard
+++ software:linux:duelethernetports [2020/10/04 17:20] (current) – [Bridging] superwizard
@@ Line 33: / Line 33: @@
 ===== Bridging =====
+<WRAP center round box >
 , for example, links the two network adapters so that Ethernet frames flow freely between them, just as if they were connected on a simple hub. All of the traffic heard on one interface is passed through to the other.
@@ Line 46: / Line 47: @@
 You can then attach as many computers, hub, switches, and other devices as you want through the machine's Ethernet port, and they will all be able to see and communicate with each other. On the downside, if you have a lot of traffic, your computer will spend some extra energy passing all of those Ethernet frames back and forth across the two adapters.
+</WRAP>
+<WRAP center round box >
+-07-16
+Bridging networks
+Packets not moving through linux ethernet bridge
+From <https://unix.stackexchange.com/questions/272146/packets-not-moving-through-linux-ethernet-bridge>
+This is a quite old question, but it might be helpful for others.
+Linux bridge might drop packages, if not configured correctly. I had a likewise problem and could solve it with the following information:
+	• https://serverfault.com/questions/347676/linux-bridge-brctl-is-dropping-packets
+	• https://superuser.com/questions/1211852/why-linux-bridge-doesnt-work
+In short, there are options to configure the bridge: e.g.
+# do not query iptables for package routing
+echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
+# no additional processing for multicast packages
+echo 0 > /sys/devices/virtual/net/br0/bridge/multicast_querier
+echo 0 > /sys/devices/virtual/net/br0/bridge/multicast_snooping
+From <https://unix.stackexchange.com/questions/272146/packets-not-moving-through-linux-ethernet-bridge>
+echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
+echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
+Linux: Disabling Multicast snooping on bridges
+Snooping should be enabled on either the router / switch or on the linux bridge, but it may not work if enabled on both. If you have a hosting provider that has igmp snooping enabled on the multicast switch, it may be necessary to disable snooping on the linux bridge. In that case use:
+  post-up ( echo 1 > /sys/devices/virtual/net/$IFACE/bridge/multicast_querier )
+  post-up ( echo 0 > /sys/class/net/$IFACE/bridge/multicast_snooping )
+From <https://pve.proxmox.com/wiki/Multicast_notes>
+Default for OpenSuse 15.1
+for  /sys/devices/virtual/net/br0/bridge/multicast_querier
+for /sys/devices/virtual/net/br0/bridge/multicast_snooping
+Bring the bridge up
+Like the Ethernet interfaces, the bridge will not become operational until it is brought into the ‘up’ state. This can be done for all three of these devices using the ifconfig command:
+ifconfig eth0 up
+ifconfig eth1 up
+ifconfig br0 up
+From <http://www.microhowto.info/howto/bridge_traffic_between_two_or_more_ethernet_interfaces_on_linux.html>
+.1. Using "ip"
+Usage:
+# ip link set dev <interface> up
+# ip link set dev <interface> down
+Example:
+# ip link set dev eth0 up
+# ip link set dev eth0 down
+From <https://tldp.org/HOWTO/Linux+IPv6-HOWTO/ch05s02.html>
+D.3. tcpdump: Capturing with “tcpdump” for viewing with Wireshark
+It’s often more useful to capture packets using tcpdump rather than wireshark. For example, you might want to do a remote capture and either don’t have GUI access or don’t have Wireshark installed on the remote machine.
+Older versions of tcpdump truncate packets to 68 or 96 bytes. If this is the case, use -s to capture full-sized packets:
+$ tcpdump -i <interface> -s 65535 -w <file>
+You will have to specify the correct interface and the name of a file to save into. In addition, you will have to terminate the capture with ^C when you believe you have captured enough packets
+From <https://www.wireshark.org/docs/wsug_html_chunked/AppToolstcpdump.html>
+Comments
+https://www.wireshark.org/docs/man-pa... json JSON file format. It can be used with -j or -J including the JSON filter or with -x option to include raw hex-encoded packet data. Example of usage:
+  tshark -T json -r file.pcap
+  tshark -T json -j "http tcp ip" -x -r file.pcap
+From <https://ask.wireshark.org/question/12850/command-line-tshark-json-and-packet-details-all-expanded/>
+Visualizing Packet Captures For Fun and Profit
+Filed under: Log Analysis,Visualization — @ 21st of March 2012, 13:26
+Have you ever collected a packet capture and you needed to know what the collected traffic is about? Here is a quick tutorial on how to use AfterGlow to generate link graphs from your packet captures (PCAP).
+I am sitting at the 2012 Honeynet Project Security Workshop. One of the trainers of a workshop tomorrow just approached me and asked me to help him visualize some PCAP files. I thought it might be useful for other people as well. So here is a quick tutorial.
+From <https://raffy.ch/blog/2012/03/21/visualizing-packet-captures-for-fun-and-profit/>
+</WRAP>
 ===== Firewalling and gateway-ing =====