From owner-freebsd-questions Mon Jan 31 13:21:22 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from skygod.cns.ksu.edu (skygod.cns.ksu.edu [129.130.61.25])
    by hub.freebsd.org (Postfix) with ESMTP id 0F7F014FC5
    for ; Mon, 31 Jan 2000 13:21:17 -0800 (PST)
    (envelope-from beemern@ksu.edu)
Received: from ksu.edu ([129.130.61.24])
    by skygod.cns.ksu.edu (8.9.2/8.9.2) with ESMTP id PAA59536
    for ; Mon, 31 Jan 2000 15:55:13 -0600 (CST)
    (envelope-from beemern@ksu.edu)
Message-ID: <3895FD1F.D204FF6E@ksu.edu>
Date: Mon, 31 Jan 2000 15:22:39 -0600
From: nathan
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.3-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: "freebsd-questions@FreeBSD.ORG"
Subject: berkeley packet filter doesn't work??
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I am trying to do some scanning of our office LAN to look for potential
security breaches (e.g. plaintext user/pass combinations thru SAMBA, POP
auth, etc) and for inappropriate web browsing (e.g. porn, hate sites, etc)

however... when i run tcpdump, ethereal, readsmb, etc. --> all i see are
the packets that have the host/destination address of my computer (the one
i'm running these apps on)

i have the appropriate line in my kernel config for the Berkeley Packet
Filter

    pseudo-device bpfilter 4

and i did the ol

    sh MAKEDEV bpf0

plus.. if bpf isn't config'd properly, those apps won't even RUN

all i'm wanting to do is scan the traffic of the approximate 20 machines
that we have connected through a 100 mbit/s 3com switch

my questions-->

1) am i incorrect in my understanding of bpf??
2) if so, what in the hell good is berkeley packet filter if i can't see
   any other packets 'sides those coming to/from my computer explicitly??
3) how can i correct this so i can see ALL (or at least MORE) of the LAN
   traffic??

TIA!!