From: "Christopher J. Michaels"
To: ,
Subject: RE: /dev/bpf0, modload ?
Date: Wed, 23 Jun 1999 10:50:40 -0400

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of efb@cotdazr.org
Sent: Wednesday, June 23, 1999 7:06 AM
To: questions@FreeBSD.ORG
Cc: efb@cotdazr.org
Subject: /dev/bpf0, modload ?

Trying to build a shadow intrusion detector on FreeBSD 2.2.8. It relies upon several pieces ( www.nswc.navy.mil/ISSEC/CID ) which are libpcap, a BPF interface, and tcpdump .. WHICH someone here prolly knows is dependent upon /dev/bpfN ..

That is good for the experienced kernel savvy folk .. but I have to plead ignorance . . I remember that my F.BSD 2.0.5 did NOT as I got it support BPF .. so I will guess when I ls -l /dev/bpf0 and find a device present but try to run tcpdump (as root ) and get a

tcpdump: /dev/bpf0: Device not configured

message .. I will guess I need to find some knowledgebase docs on how to rebuild the kernel to include the /dev/bpfN .. NOT too obvious from /sys/...conf/GENERIC and friends ...

True but if you look in /src/src/sys/i386/conf/LINT, it IS in there.

pseudo-device bpfilter 4 #Berkeley packet filter
^^- That's all you need to add to the kernel config.

DON'T suppose I can modload what I need ?

Nope...

SO .. PLEASE send me to the right hacks list .. thanks

/Everett/
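
The symptom in this thread, a /dev/bpf0 node that exists but fails to open with "Device not configured", is errno ENXIO on FreeBSD. The following is an added example, not part of the original messages and not code from tcpdump or libpcap: a small probe that opens the BPF units and tells a missing driver apart from a missing device node, a busy unit, or a permission problem. The names bpf_status, bpf_classify and bpf_probe are hypothetical, and probing 4 units assumes the bpfilter count quoted from LINT.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical names for this example; not from libpcap or tcpdump. */
enum bpf_status { BPF_OK, BPF_NO_DRIVER, BPF_NO_NODE, BPF_BUSY, BPF_NO_PERM, BPF_OTHER };

/* Map the errno from open(2) on a bpf node to its likely cause. */
enum bpf_status bpf_classify(int err)
{
    switch (err) {
    case 0:      return BPF_OK;
    case ENXIO:  return BPF_NO_DRIVER; /* node exists, driver not in kernel */
    case ENOENT: return BPF_NO_NODE;   /* no such entry under /dev */
    case EBUSY:  return BPF_BUSY;      /* unit already held by another sniffer */
    case EACCES:
    case EPERM:  return BPF_NO_PERM;   /* caller is not allowed to open it */
    default:     return BPF_OTHER;
    }
}

/* Try <prefix>0 .. <prefix>(max_units-1), moving on only when a unit is busy.
 * On success *fd_out is the open descriptor; otherwise it is -1. */
enum bpf_status bpf_probe(const char *prefix, int max_units, int *fd_out)
{
    char path[64];
    enum bpf_status st = BPF_NO_NODE;
    int unit;
    *fd_out = -1;
    for (unit = 0; unit < max_units; unit++) {
        snprintf(path, sizeof path, "%s%d", prefix, unit);
        *fd_out = open(path, O_RDONLY);
        if (*fd_out >= 0)
            return BPF_OK;
        st = bpf_classify(errno);
        if (st != BPF_BUSY)
            break;
    }
    return st;
}

int main(void)
{
    int fd;
    enum bpf_status st = bpf_probe("/dev/bpf", 4, &fd);
    printf("/dev/bpf*: status %d%s\n", st,
           st == BPF_NO_DRIVER ? " (kernel lacks pseudo-device bpfilter)" : "");
    if (fd >= 0) close(fd);
    return st == BPF_OK ? 0 : 1;
}
```

A BPF_NO_DRIVER result corresponds to the case in the thread, where the fix is the pseudo-device line in the kernel config followed by a kernel rebuild.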