*BSD News Article 80066



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!imci5!imci4!newsfeed.internetmci.com!feed1.news.erols.com!howland.erols.net!nntp.crl.com!Symiserver2.symantec.com!news
From: tedm@agora.rdrop.com
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: bpf config for tcpdump
Date: 6 Oct 1996 16:50:18 GMT
Organization: Symantec Corp.
Lines: 21
Message-ID: <538o0a$b9d@Symiserver2.symantec.com>
References: <52gl4e$osr@sisscoe.sisnet.ssku.k12.ca.us> <52tq38$kl@infinity.ping.de>
Reply-To: tedm@agora.rdrop.com
NNTP-Posting-Host: shiva1.central.com
X-Newsreader: IBM NewsReader/2 v1.2.5

In <52tq38$kl@infinity.ping.de>, gandalf@infinity.ping.de (Andre Grosse Bley) writes:
>In article <52piui$14h@newsbr.eunet.fr>,
>	fgm@osinet.fr (Frederic G. MARAND) writes:
>>>#  The `bpfilter' pseudo-device enables the Berkeley Packet Filter.  Be
>>>#  aware of the legal and administrative consequences of enabling this
>> Could you please make us aware of these legal and administrative
>> consequences, at least sketchily ?
>
>BPF allows the administrator to read the whole traffic on the LAN 
>segment his machine is connected to. 
>(you may sniff for passwords, emails, private talks and so on!)
>On the other hand it's very useful for network debugging.

As time passes this is getting less important.  Modern hubs many times have
filtering that can be installed that will block traffic from ports not intended for
addresses on that port.  Also, switching hubs block much traffic as well.

Since most medium to large networks these days are moving to a switched backbone
the sniffing needs to be done in the hub itself to be of any use.  Hence the 
popularity of RMON.