Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!news.maxwell.syr.edu!ix.netcom.com!news.platinum.com!not-for-mail From: Brian Clapper <clapper@platinum.com> Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: tcpdump on 2.1.5 Date: 22 Apr 1997 18:17:45 -0400 Organization: PLATINUM technology, Inc Lines: 38 Message-ID: <xkqsp0iaeie.fsf@platinum.com> References: <5jj214$2o6@opal.emeraldis.com> NNTP-Posting-Host: conch.ab.platinum.com X-Newsreader: Gnus v5.3/Emacs 19.34 Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:39552 david@emeraldis.com (David G. Cannon) writes: > Here's what I get when I try to use tcpdump: > > tcpdump: /dev/bpf0: Device not configured > > Here's what /dev/bpf0 looks like: > > crw-r----- 1 root wheel 23, 0 Sep 23 1996 /dev/bpf0 > > Any ideas? It doesn't matter what the device file looks like if the driver isn't in the kernel. You need to add the `pseudo-device bpfilter' directive to your kernel configuration. The FreeBSD handbook describes this parameter as follows: pseudo-device bpfilter number Berkeley packet filter. This pseudo-device allows network interfaces to be placed in promiscuous mode, capturing every packet on a broadcast network (e.g. an ethernet). These packets can be captured to disk and/or examined with the tcpdump(1) program. Note that implementation of this capability can seriously compromise your overall network security. The number after bpfilter is the number of interfaces that can be examined simultaneously. Optional, not recommended except for those who are fully aware of the potential pitfalls. Not all network cards support this capability. If you don't know how to build a custom kernel, read the section of the handbook entitled `Configuring the FreeBSD Kernel', currently located at http://www.freebsd.org/handbook/handbook33.html#41 -- Brian Clapper, clapper@platinum.com CChheecckk yyoouurr dduupplleexx sswwiittcchh.. -- Randall Garrett