Date: Mon, 31 Jan 2000 15:22:39 -0600
From: nathan <beemern@ksu.edu>
To: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: berkeley packet filter doesn't work??
Message-ID: <3895FD1F.D204FF6E@ksu.edu>

I am trying to do some scanning of our office LAN to look for potential
security breaches (e.g. plaintext user/pass combinations thru SAMBA, POP
auth, etc) and for inappropriate web browsing (e.g. porn, hate sites,
etc)

however... when i run tcpdump, ethereal, readsmb, etc. --> all i see
are the packets that have the host/destination address of my computer
(the one i'm running these apps on)

i have the appropriate line in my kernel config for the Berkeley Packet
Filter

    pseudo-device bpfilter 4

and i did the ol

    sh MAKEDEV bpf0

plus.. if bpf isn't config'd properly, those apps won't even RUN

all i'm wanting to do is scan the traffic of the approximate 20 machines
that we have connected through a 100 mbit/s 3com switch

my questions-->

1) am i incorrect in my understanding of bpf??
2) if so, what in the hell good is berkeley packet filter if i can't see
any other packets 'sides those coming to/from my computer explicitly??
3) how can i correct this so i can see ALL (or at least MORE) of the
LAN traffic??

TIA!!
