Centos 6.4, bnx2 in promiscuous mode does not see packets

[Giles Coochey <giles () coochey net>]

Hi,

I hope someone can help me, I cannot seem to get a system's ethernet 
interface to correctly work in promiscuous mode...

I have a Centos 6.4 system with 2 bnx2 interfaces on it.

I have set up eth1 in promiscuous mode and am sending traffic to it 
using the port mirroring configuration on a Nortel 3510-24T switch.
The switch reports that it is sending a fair amount of traffic to the 
mirror port.

However, within Centos 6.4, I only see broadcast traffic from the switch:

[root@host eth1]# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:19:B9:E2:30:AE
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500 Metric:1
          RX packets:75 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4800 (4.6 KiB)  TX bytes:0 (0.0 b)

I have tried various options configuring eth1 via 
/etc/sysconfig/networking/devices/ifcfg-eth1

Currently it looks like this:

DEVICE=eth1
BOOTPROTO=static
HWADDR=00:19:B9:E2:30:AE
#NM_CONTROLLED=no
ONBOOT=yes
TYPE=Ethernet
#UUID="e753ec9b-fc35-4460-bcd1-87f26f8d1553"
IPV6INIT=no
USERCTL=no
PROMISC=yes

I have also tried to manually put the interface in promiscuous mode (as 
I think PROMISC=yes is deprecated):

ifconfig eth1 promisc

It shows as being in promiscuous mode via ifconfig...

The relevant parks of bootup / system messages:

bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.2.3 (June 
27, 2012)
bnx2 0000:05:00.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
bnx2 0000:05:00.0: firmware: requesting bnx2/bnx2-mips-06-6.2.3.fw
bnx2 0000:05:00.0: firmware: requesting bnx2/bnx2-rv2p-06-6.0.15.fw
bnx2 0000:05:00.0: eth0: Broadcom NetXtreme II BCM5708 1000Base-T (B2) 
PCI-X 64-bit 133MHz found at mem f8000000, IRQ 16, node addr 
00:19:b9:e2:30:ac
bnx2 0000:09:00.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
bnx2 0000:09:00.0: firmware: requesting bnx2/bnx2-mips-06-6.2.3.fw
bnx2 0000:09:00.0: firmware: requesting bnx2/bnx2-rv2p-06-6.0.15.fw
bnx2 0000:09:00.0: eth1: Broadcom NetXtreme II BCM5708 1000Base-T (B2) 
PCI-X 64-bit 133MHz found at mem f4000000, IRQ 16, node addr 
00:19:b9:e2:30:ae
bnx2 0000:05:00.0: irq 95 for MSI/MSI-X
bnx2 0000:05:00.0: eth0: using MSI
bnx2 0000:05:00.0: eth0: NIC Copper Link is Up, 1000 Mbps full duplex
bnx2 0000:09:00.0: irq 96 for MSI/MSI-X
bnx2 0000:09:00.0: eth1: using MSI
bnx2 0000:09:00.0: eth1: NIC Copper Link is Up, 1000 Mbps full duplex, 
receive & transmit flow control ON
bnx2 0000:05:00.0: irq 95 for MSI/MSI-X
bnx2 0000:05:00.0: eth0: using MSI
bnx2 0000:05:00.0: eth0: NIC Copper Link is Up, 1000 Mbps full duplex
bnx2 0000:09:00.0: irq 96 for MSI/MSI-X
bnx2 0000:09:00.0: eth1: using MSI
bnx2 0000:09:00.0: eth1: NIC Copper Link is Up, 1000 Mbps full duplex, 
receive & transmit flow control ON

Does anyone have any ideas?

Thanks

Giles

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!