From owner-freebsd-questions Wed Dec 2 13:28:51 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id NAA06887
    for freebsd-questions-outgoing; Wed, 2 Dec 1998 13:28:51 -0800 (PST)
    (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from scientia.demon.co.uk (scientia.demon.co.uk [212.228.14.13])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA06870
    for ; Wed, 2 Dec 1998 13:28:47 -0800 (PST)
    (envelope-from ben@scientia.demon.co.uk)
Received: from ben by scientia.demon.co.uk with local (Exim 2.054 #3)
    id 0zlJ5U-0000MZ-00; Wed, 2 Dec 1998 20:41:28 +0000
Date: Wed, 2 Dec 1998 20:41:28 +0000
From: Ben Smithurst
To: Roman Katsnelson
Cc: "q's"
Subject: Re: sniffer
Message-ID: <19981202204128.A1283@scientia.demon.co.uk>
References: <36657AD5.1F79504B@atlas-design.net> <19981202200327.C366@scientia.demon.co.uk> <3665A44D.C8DDB6A@atlas-design.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <3665A44D.C8DDB6A@atlas-design.net>
User-Agent: Mutt/0.94.17i (FreeBSD/3.0-CURRENT)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Roman Katsnelson wrote:

> > > and being that this is a custom kernel on a live and important web
>                     ^^^^^^^^^^^^^^^^^^^^^^^
> > You think the GENERIC kernel, with lots of unneeded bloat, is better
>                 ^^^^^^^^^^^^^^
>
> No, I was saying that we already have a custom kernel.

Oh, oops, I thought you meant if you did change it, _then_ it would be a
custom kernel. Sorry 'bout that.

> But do I understand correctly, tcpdump doesn't need any additions to
> the kernel?

It needs `pseudo-device bpfilter n' for some suitable value of n, 4 for
example. Maybe you already have this. You also need to make the
/dev/bpf* nodes with MAKEDEV.

> It just needs to be setuid root?

Probably a bad idea. No-one except root should ever have to run it;
would you really want your average luser running it and seeing packets
going in and out of your machine?

-- 
Ben Smithurst
ben@scientia.demon.co.uk
send a blank message to ben+pgp@scientia.demon.co.uk for PGP key

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
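
An added example, not part of the original message: a POSIX shell check that tcpdump has not been made setuid/setgid and that the bpf device nodes grant nothing to group or other. The function names and the group/other rule for the /dev/bpf* nodes are assumptions of this example, and the paths in the usage comment are the usual FreeBSD locations.

```shell
#!/bin/sh
# Added example (not from the original message): audit that packet
# capture stays root-only, as the reply above recommends.
# Usage: sh audit.sh /usr/sbin/tcpdump /dev/bpf*

# is_setid FILE: succeeds if the setuid or setgid bit is set.
is_setid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# nonowner_rw FILE: succeeds if group or other has read or write access.
# Assumption of this example: bpf nodes should be owner-only.
nonowner_rw() {
    mode=$(ls -ld "$1") || return 1
    # Mode string layout: type, then rwx for user, group, other.
    grp=$(printf '%s' "$mode" | cut -c5-6)
    oth=$(printf '%s' "$mode" | cut -c8-9)
    [ "$grp" != "--" ] || [ "$oth" != "--" ]
}

# audit_capture TCPDUMP_PATH [DEVICE_NODE...]
# Prints one line per finding; exit status is the number of findings.
audit_capture() {
    tcpdump_bin=$1
    shift
    findings=0
    if [ -e "$tcpdump_bin" ] && is_setid "$tcpdump_bin"; then
        echo "FINDING: $tcpdump_bin is setuid/setgid"
        findings=$((findings + 1))
    fi
    for dev in "$@"; do
        [ -e "$dev" ] || continue   # unmatched glob or missing node
        if nonowner_rw "$dev"; then
            echo "FINDING: $dev is accessible by group/other"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Run the audit only when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_capture "$@"
fi
```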