From owner-freebsd-security Wed Dec 11 01:11:47 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id BAA28067 for security-outgoing; Wed, 11 Dec 1996 01:11:47 -0800 (PST)
Received: from relay.nuxi.com (nuxi.cs.ucdavis.edu [128.120.56.38]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id BAA28061 for ; Wed, 11 Dec 1996 01:11:44 -0800 (PST)
Received: (from obrien@localhost) by relay.nuxi.com (8.7.5/8.6.12) id BAA07851; Wed, 11 Dec 1996 01:12:00 -0800 (PST)
Message-ID:
Date: Wed, 11 Dec 1996 01:11:56 -0800
From: obrien@NUXI.com (David E. O'Brien)
To: msmith@atrad.adelaide.edu.au (Michael Smith)
Cc: security@freebsd.org
Subject: Re: Risk of having bpf0? (was URGENT: Packet sniffer found on my system)
References: <199612110627.XAA00240@obie.softweyr.com> <199612110634.RAA22676@genesis.atrad.adelaide.edu.au>
X-Mailer: Mutt 0.53
Mime-Version: 1.0
X-PGP-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A
X-Pgp-Keyid: 34F9F9D5
In-Reply-To: <199612110634.RAA22676@genesis.atrad.adelaide.edu.au>; from Michael Smith on Dec 11, 1996 17:04:36 +1030
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Tcpdump does all this and lots more; the filter language is pretty powerful.
>
> The fact that it knows how to interpret lots of protocols and that you
> can extend it (courtesy of the source and an easy internal interface)
> puts it over anything else I've seen yet.

Except for Solaris's snoop. The output is *SO* much nicer than tcpdump's.
If you ever get a chance try snoop -v or snoop -V.

--
-- David (obrien@cs.ucdavis.edu)