From owner-freebsd-questions Thu Dec 3 12:14:44 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA16194 for freebsd-questions-outgoing; Thu, 3 Dec 1998 12:14:44 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.144.32]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA16188 for ; Thu, 3 Dec 1998 12:14:40 -0800 (PST) (envelope-from dwhite@resnet.uoregon.edu) Received: from localhost (dwhite@localhost) by resnet.uoregon.edu (8.8.8/8.8.8) with ESMTP id MAA03509; Thu, 3 Dec 1998 12:13:49 -0800 (PST) (envelope-from dwhite@resnet.uoregon.edu) Date: Thu, 3 Dec 1998 12:13:49 -0800 (PST) From: Doug White To: jm7996@devrycols.edu cc: Roman Katsnelson , Ben Smithurst , "q's" Subject: Re: sniffer In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 3 Dec 1998, James A. Mutter wrote: > > No, I was saying that we already have a custom kernel. And it was kind > > of a pain to compile, and it finally works and I'd just rather not touch > > it. But I guess I *could* keep it around anyway. I don't know. But do I > > understand correctly, tcpdump doesn't need any additions to the kernel? > > It just needs to be setuid root? > > No - tcpdump requires that the NIC be in promiscous mode. You need to > enable bpfilter in the kernel - there just isn't any way around it. [pedantic mode ON] Actually, tcpdump will be perfectly happy in normal mode; you'll only see broadcast packets and packets destined for the local host. See the -p option. That doesn't prevent other processes from putting the NIC in promiscuous mode, however; it just squashes the ioctl. Doug White Internet: dwhite@resnet.uoregon.edu | FreeBSD: The Power to Serve http://gladstone.uoregon.edu/~dwhite | www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message