Hi-Performance Protocol Identification Engine
 

Enabling an Interface in HiPPIE

I've covered these details briefly in a few other places, but I wanted one place with explicit details on not only how to enable a network interface in HiPPIE, but also what that means once it's done.  Whether your system is active or passive, you'll need to do this at least once.  Older versions of HiPPIE (0.9.0 and non-release versions) could only read packets inbound to a network interface.  That is no longer the case as of HiPPIE 0.9.1, although the old behavior can still be imitated in 0.9.1.

If you are building a passive system, set it up to receive only packets inbound to the system, since there shouldn't be any packets going back.  You can read more about this in the proc documentation, but what you need to do is set the interface's proc file (/proc/net/hippie/interfaces/[ifname]) to 1.

With active systems, you now have a choice.  If your system sits inline between other devices, whether as a router or a bridge, packets come in on one network interface from one side and on a different network interface from the other side.  If you enable HiPPIE on both interfaces for inbound reading only (1), one on each side, you'll see both sides of all conversations and still be able to actively track all of your traffic.  If, on the other hand, you are using NAT, you will have problems with packets having different addresses on different sides, and you'll instead want to set one side or the other to do both inbound and outbound packet reading.  This is accomplished by setting the interface's proc file (/proc/net/hippie/interfaces/[ifname]) to 2.
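
A small helper for setting these modes, as an added example that is not part of HiPPIE or its documentation. The function name, the HIPPIE_PROC override, and the interface names eth0/eth1 are assumptions made for illustration; only the proc path and the values 1 and 2 come from the text above.

```shell
#!/bin/sh
# Added example, not part of HiPPIE. HIPPIE_PROC is a hypothetical override
# so the helper can be exercised against a scratch directory.
HIPPIE_PROC="${HIPPIE_PROC:-/proc/net/hippie/interfaces}"

# hippie_set_mode IFNAME MODE
#   MODE 1 = read inbound packets only
#   MODE 2 = read both inbound and outbound packets
hippie_set_mode() {
    ifname=$1
    mode=$2

    # Accept only the two values described on this page.
    case "$mode" in
        1|2) ;;
        *) echo "hippie_set_mode: mode must be 1 or 2" >&2; return 2 ;;
    esac

    # Reject empty names and anything that could escape the directory.
    case "$ifname" in
        ''|*/*|.|..) echo "hippie_set_mode: bad interface name" >&2; return 2 ;;
    esac

    file="$HIPPIE_PROC/$ifname"
    # procfs entries cannot be created from user space, so a missing file
    # means the module is not loaded or it does not know this interface.
    if [ ! -w "$file" ]; then
        echo "hippie_set_mode: $file missing or not writable" >&2
        return 1
    fi

    printf '%s\n' "$mode" > "$file"
}

# Deployment shapes from the text (interface names are constructed):
#   passive sensor:        hippie_set_mode eth0 1
#   inline bridge/router:  hippie_set_mode eth0 1 && hippie_set_mode eth1 1
#   inline with NAT:       hippie_set_mode eth0 2
```

Source the file as root and call hippie_set_mode once per interface; a non-zero return means nothing was written.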
