Tcpdump/Iptables on bridge interface without assigned IP address

Question

I have set up a bridge interface without an ip on it.

$ brctl addbr br0
$ brctl addif tap0
$ brctl addif tap1
$ ifconfig br0 up

As seen above, this bridge is connecting 2 TAP interfaces setup through openvpn.

I am able to ping and send traffic between the 2 TAP interfaces without any problems however whenever I try to tcpdump the bridge interface I cannot see any traffic going through.

Is this because the bridge interface has no IP assigned to it? Is there any way around it so one can see the traffic (and potentially block through iptables or something like it) in the bridge interface without having to assign an ip to the bridge interface?

Edit your post with the exact ping command you are using, interfaces IPs and existing routes. — Xavier Lucas, May 20 '15 at 21:13
I don't know if this is helpful, but a bridge interface will only see traffic one way in a packet capture. You would be better to perform a packet capture on the bridge port interfaces, i.e `tap0` and `tap1` — suprjami, May 21 '15 at 11:37

score 3 · Accepted Answer · answered May 19 '15 at 09:27

3

If you can ping, there is traffic in your bridged interface. You can watch the traffic using the appropriate options of tcpdump:

tcpdump -elnXXi br0

In the same way, you can totally filter this traffic using iptables, taking into account that it will only operate to the IP layer. You would need ebtables if you need to filter traffic on layer 2 (Ethernet)

answered May 19 '15 at 09:27

philippe

2,303
4
32
53

Tried it but still no traffic shown – ByteFlinger May 19 '15 at 12:50
what does the ``brctl show`` command return? – philippe May 19 '15 at 15:08
Turns out I was wrong due to working in containers and the traffic was actually going outside the vpn. It worked as expected. Thank you – ByteFlinger May 22 '15 at 15:59

Tcpdump/Iptables on bridge interface without assigned IP address

1 Answers1

Linked