From: Ryan Thompson
To: Wing Tim
Cc: freebsd-questions@freebsd.org
Date: Fri, 10 Aug 2001 01:33:40 -0600 (CST)
Subject: Re: Snoop configuration
Organization: SaskNow Technologies [www.sasknow.com]

Wing Tim wrote to ryan@sasknow.com:

> Hi, Ryan,
> But how should I enable this snoop (bpf) in the kernel? Also what steps I
> need to start it?
> Thanks!

Hi Wing,

If you're using 4.x (I believe you are), then bpf is already enabled in
the kernel. You should already be able to run tcpdump as root. If the bpf
devices don't already exist, run the following commands:

    cd /dev
    sh MAKEDEV bpf*

If you're running a version of FreeBSD prior to 4.0, you'll need to enable
the bpfilter pseudo device in the kernel. This isn't so bad. Add:

    pseudo-device bpfilter 4

to your kernel configuration, rebuild/install, and reboot. Again, this
step only applies to older versions of FreeBSD that do not have bpf
compiled in by default.

- Ryan

>
> Regards,
> Wing
>
>
>
> >From: Ryan Thompson
> >To: Wing Tim
> >CC: freebsd-questions@freebsd.org
> >Subject: Re: Snoop configuration
> >Date: Thu, 9 Aug 2001 23:58:47 -0600 (CST)
> >
> >Wing Tim wrote to ryan@sasknow.com:
> >
> > > Hi, Ryan,
> > > Thank you very much for your reply! Then can I still use the snoop
> > > protocol in FreeBSD with tcpdump? That is, can I snoop data going to a
> > > particular interface?
> > > Thanks!
> >
> >Yes, but in FreeBSD, this is done with the Berkeley Packet Filter (bpf).
> >See bpf(4) for a background, but, in particular, see tcpdump(1).
> >
> >- Ryan
> >
> > >
> > > Regards,
> > > Wing

--
  Ryan Thompson
  Network Administrator, Accounts
  SaskNow Technologies - http://www.sasknow.com
  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

  Tel: 306-664-3600  Fax: 306-664-1161  Saskatoon
  Toll-Free: 877-727-5669 (877-SASKNOW)  North America