Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!imci5!imci4!newsfeed.internetmci.com!feed1.news.erols.com!howland.erols.net!nntp.crl.com!Symiserver2.symantec.com!news
From: tedm@agora.rdrop.com
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: bpf config for tcpdump
Date: 6 Oct 1996 16:50:18 GMT
Organization: Symantec Corp.
Lines: 21
Message-ID: <538o0a$b9d@Symiserver2.symantec.com>
References: <52gl4e$osr@sisscoe.sisnet.ssku.k12.ca.us> <52tq38$kl@infinity.ping.de>
Reply-To: tedm@agora.rdrop.com
NNTP-Posting-Host: shiva1.central.com
X-Newsreader: IBM NewsReader/2 v1.2.5

In <52tq38$kl@infinity.ping.de>, gandalf@infinity.ping.de (Andre Grosse Bley) writes:
>In article <52piui$14h@newsbr.eunet.fr>,
> fgm@osinet.fr (Frederic G. MARAND) writes:
>>># The `bpfilter' pseudo-device enables the Berkeley Packet Filter. Be
>>># aware of the legal and administrative consequences of enabling this
>> Could you please make us aware of these legal and administrative
>> consequences, at least sketchily ?
>
>BPF allows the administrator to read the whole traffic on the LAN
>segment his machine is connected to.
>(you may sniff for passwords, emails, private talks and so on!)
>On the other hand it's very useful for network debugging.

As time passes this is getting less important. Modern hubs many times
have filtering that can be installed that will block traffic from ports
not intended for addresses on that port. Also, switching hubs block much
traffic as well. Since most medium to large networks these days are
moving to a switched backbone the sniffing needs to be done in the hub
itself to be of any use. Hence the popularity of RMON.