Date: Thu, 3 Aug 2023 10:18:55 -0700
From: Bakul Shah <bakul@iitbombay.org>
To: Zane C B-H <v.velox@vvelox.net>
Cc: net@freebsd.org
Subject: Re: Is there a FreeBSD equivalent of 'tcpdump -i any' from Linux?
Message-ID: <196DA088-B99A-4A54-B06F-ACA0641C7559@iitbombay.org>
In-Reply-To: <826851ce2108b23515f81a8aca8d9b0e@vvelox.net>
References: <826851ce2108b23515f81a8aca8d9b0e@vvelox.net>

Not quite what you asked for but I recently found https://github.com/gcla/termshark -- it seems to be like wireshark but for a terminal window. Like tcpdump it has the -D option that will return a list of interfaces. If you are handy with Go programming, you may wish to consider enhancing it to listen to multiple interfaces. It is under 1400 lines of code. Maybe you can use one goroutine per interface and then each can feed packets to the display goroutine over a Go channel. [I haven't actually dug into the code, but this is how I would go about it -- but first check that libpcap is reentrant]

> On Aug 1, 2023, at 11:21 AM, Zane C B-H <v.velox@vvelox.net> wrote:
>
> So what is a good way to get all packets passing through that the kernel currently sees? Apparently any is not supported on non-Linux systems and pflog would require adding log to all rules. Similarly only logs packets that match a rule.
>
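
The design sketched in the message above (one goroutine per interface, each feeding the display side over a single channel), as an added example that is not from the original post or from termshark. `Packet`, `Source`, `replay` and `CaptureAll` are hypothetical names, and the replayed frames are constructed so it runs without libpcap; a real build would give each goroutine its own capture handle.

```go
package main

import (
	"context"
	"fmt"
	"sync"
)

// Packet is a captured frame tagged with its interface. Source is a hypothetical
// stand-in for one capture handle; replay feeds it constructed frames (no libpcap).
type Packet struct{ Iface string; Data []byte }
type Source interface{ Next() (Packet, bool) }
type replay struct{ pkts []Packet }

func (r *replay) Next() (p Packet, ok bool) {
	if ok = len(r.pkts) > 0; ok {
		p, r.pkts = r.pkts[0], r.pkts[1:]
	}
	return p, ok
}

// CaptureAll runs one goroutine per interface; each owns its Source exclusively.
func CaptureAll(ctx context.Context, srcs map[string]Source) <-chan Packet {
	out := make(chan Packet)
	var wg sync.WaitGroup
	for name, src := range srcs {
		wg.Add(1)
		go func(name string, src Source) {
			defer wg.Done()
			for p, ok := src.Next(); ok; p, ok = src.Next() {
				p.Iface = name
				select {
				case out <- p:
				case <-ctx.Done(): // display side stopped
					return
				}
			}
		}(name, src)
	}
	go func() { wg.Wait(); close(out) }() // close after every reader exits
	return out
}

func main() {
	em0 := &replay{[]Packet{{Data: []byte{1, 2}}, {Data: []byte{3}}}}
	lo0 := &replay{[]Packet{{Data: []byte{4}}}}
	for p := range CaptureAll(context.Background(), map[string]Source{"em0": em0, "lo0": lo0}) {
		fmt.Printf("%s: %d bytes\n", p.Iface, len(p.Data))
	}
}
```

Because no handle is shared between goroutines, the reentrancy question raised in the message is confined to whether separate handles can be read concurrently.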