Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.ysu.edu!news.radio.cz!newsbastard.radio.cz!news.radio.cz!CESspool!news.apfel.de!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!newsfeed.internetmci.com!news.emeraldis.com!david From: david@emeraldis.com (David G. Cannon) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: tcpdump on 2.1.5 Date: Thu, 24 Apr 1997 01:01:44 GMT Organization: Emerald Internet Services Lines: 30 Message-ID: <5jmcl7$26m@opal.emeraldis.com> References: <5jj214$2o6@opal.emeraldis.com> <xkqsp0iaeie.fsf@platinum.com> NNTP-Posting-Host: david.emeraldis.com X-Newsreader: News Xpress 2.01 Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:39659 Thanks for the great answers! That's what I needed to know. *David* In article <xkqsp0iaeie.fsf@platinum.com>, Brian Clapper <clapper@platinum.com> wrote: > > It doesn't matter what the device file looks like if the driver isn't in > the kernel. You need to add the `pseudo-device bpfilter' directive to your > kernel configuration. The FreeBSD handbook describes this parameter as > follows: > > pseudo-device bpfilter number > > Berkeley packet filter. This pseudo-device allows network > interfaces to be placed in promiscuous mode, capturing > every packet on a broadcast network (e.g. an > ethernet). These packets can be captured to disk and/or > examined with the tcpdump(1) program. Note that > implementation of this capability can seriously compromise > your overall network security. The number after bpfilter is > the number of interfaces that can be examined > simultaneously. Optional, not recommended except for those > who are fully aware of the potential pitfalls. Not all > network cards support this capability. > > If you don't know how to build a custom kernel, read the section of the > handbook entitled `Configuring the FreeBSD Kernel', currently located at > http://www.freebsd.org/handbook/handbook33.html#41