bridging ethernet interfaces under OS X

So, one of our domain printers was acting up and the printer department wanted me to sniff all the packets to and from the printer. So far so good, usually you could use a hub (still got one around? neither do I), or for example a switch with a monitoring or promiscuous port (not available? Welcome to the club!). Ok, now I could start arp spoofing the printer, but was too lazy to do that, besides: we have intrusion prevention up and running…

Take a good look at your machine. Is it a portable laptop like mine? Does it have any flavor of Unix or Linux on it? Well, so does mine, in this case Apple OS X (10.8.2). There’s got to be a way to bridge two ethernet interfaces, connect myself to the network and let the printer talk to the world through my laptop? You betcha!

Here’s what I did:

  • grab one of those USB or Thunderbolt Ethernet Adapters
  • ifconfig // to find out which interface is which
  • sudo ifconfig en3 up // bring up the USB/Thunderbolt adapter, or it won’t work!
  • sudo ifconfig bridge0 create
  • sudo ifconfig bridge0 up
  • sudo ifconfig bridge0 addm en0 addm en3
  • sudo sysctl -w net.inet.ip.forwarding=1

It works! Now we can sniff away with tcpdump or wireshark for example, and are sure that no packet is going to escape us…

And to undo what we just did:

  • sudo ifconfig bridge0 down
  • sudo ifconfig bridge0 deletem en0 deletem en3
  • sudo ifconfig bridge0 destroy
  • sudo sysctl -w net.inet.ip.forwarding=0

Many thanks to Chrissy from netnerds, who set me on the right track with her post about NAT on OS X :-)

About these ads

4 thoughts on “bridging ethernet interfaces under OS X

  1. Pingback: » OS X: How to Setup NAT on Lion and Mountain Lion

  2. Question; is bridging the wireless and the ethernet supposed to be the same syntax, substituting en1 (built in wireless) for en3 (the usb adapter)?

    The basic setup:
    Router (192.168.0.1)
    \-server (192.168.0.100)
    \-10.7 Macbook via wifi
    \-Raspberry Pi via ethernet from the Macbook

    The hope is to have it set up that the Pi asks for DHCP from .1, obtains, and then carries on as part of the subnet.

    After following the steps (with the one substitution), there are 169 addresses on both the internal ethernet and the raspberry. Ping does not work (didn’t expect it to), but samba does.

    It feels like there’s something important missing…

    • Hi,

      as far as I understand it you want to share your WLAN the MacBook is connected to with your Raspberry Pi, right?!
      Then these directions should be enough.
      Have you tried “up”ing the interfaces before creating the bridge?
      Maybe you don’t need a real bridge and a NAT with it’s own subnet would suffice? Then try Internet Connection Sharing on your Mac.

      You might be lucky with Chrissy’s post from NetNerds:

      Good luck!

      • To provide some closure:

        I went through both posts, and any other shreds of info I could find (your post and hers are easily the most definitive source), and I did get it working… Kind of.

        I’m no stranger to basic networking, but even when it worked there seemed to be an element of voodoo; it would even stop working when I had not touched either the MacBook or the raspberry for a couple of minutes, and multiple reboots did not help either.

        Unfortunately the app I was testing required both the client and the server to be on the same subnet.

        To solve the problem, I turned to a nano-wifi adapter, and was pleasantly surprised to find that the distribution I was using on the raspberry had drivers installed already. Plug and play the right way.

        So, to sum up; spent at least 4-5 hours struggling with the very tempermental network sharing in osx 10.7, then just brought the raspberry to the wifi network with a nano 802.11abgn USB adapter for $17.99.

        Cheers, and thanks! Learned some great info here, even if it didn’t pan out for this particular problem :)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s