From owner-freebsd-questions Mon Jan 31 13:32:51 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from chi1.nucleusconsulting.com (chi1.nucleusconsulting.com [207.250.168.11]) by hub.freebsd.org (Postfix) with ESMTP id 268EB14FDA for ; Mon, 31 Jan 2000 13:32:45 -0800 (PST) (envelope-from parrothd@midwest.net)
Received: from labntserver1.nucleusconsulting.com by chi1.nucleusconsulting.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.0.1461.56) id DSZAYT1A; Mon, 31 Jan 2000 15:31:02 -0600
Message-Id: <3.0.5.32.20000131153140.0092e100@midwest.net>
X-Sender: parrothd@midwest.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Mon, 31 Jan 2000 15:31:40 -0600
To: nathan , "freebsd-questions@FreeBSD.ORG"
From: "Jonathan E. Lyons"
Subject: Re: berkeley packet filter doesn't work??
In-Reply-To: <3895FD1F.D204FF6E@ksu.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 03:22 PM 1/31/00 -0600, nathan wrote:
>I am trying to do some scanning of our office LAN to look for potential
>security breaches (eg. plaintext user/pass combinations thru SAMBA, POP
>auth, etc) and for inappropriate web browsing (eg. porn, hate sites,
>etc)
>
>however... when i run tcpdump, ethereal, readsmb, etc. --> all i see
>are the packets that have the host/destination address of my computer
>(the one i'm running these apps on)
>
>i have the appropriate line in my kernel config for the Berkeley Packet
>Filter
>    pseudo-device bpfilter 4
>
>and i did the ol
>    sh MAKEDEV bpf0
>
>plus.. if bpf isn't config'd properly, those apps won't even RUN
>
>all i'm wanting to do is scan the traffic of the approximate 20 machines
>that we have connected through a 100 mbit/s 3com switch

Umm....I'd check the switch..(Trying to remember the definition of a switch)..But if it's a nice one, it's probably only routing the packets destined for your mac address to you, and not all packets on the network... :)

>
>my questions-->
>
>1) am i incorrect in my understanding of bpf??
>
>2) if so, what in the hell good is berkeley packet filter if i can't see
>any other packets 'sides those coming to/from my computer explicitly??
>
>3) how can i correct this so i can see ALL (or at least MORE) of the
>LAN traffic??
>
>TIA!!
>
>

Jonathan E. Lyons
parrothd@midwest.net
Nucleus Consulting
ICQ # 14226912
www.nucleusconsulting.com
Cell # 773-251-1967
A+, MCSE, CCNA, FreeBSD!

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
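A quick way to tell the two cases apart, added here as an example and not part of the original thread: classify the destination MAC of every captured Ethernet frame as addressed to this host, broadcast, multicast, or unicast to some other host. If that last bucket stays empty, bpf is working and the switch is simply not forwarding other hosts' frames to your port, so the fix is a mirror (SPAN) port or a hub, not a kernel change. The sniffing host's MAC and all sample frames below are constructed.

```python
# Added example: classify destination MACs in a capture to tell "bpf is
# broken" apart from "the switch only forwards frames addressed to me".
# All frames and MACs below are constructed sample data.
from collections import Counter

ETH_HDR_LEN = 14
BROADCAST = bytes.fromhex("ffffffffffff")

def dst_class(frame: bytes, local_mac: bytes) -> str:
    """Return local, broadcast, multicast, other_unicast or short."""
    if len(frame) < ETH_HDR_LEN:
        return "short"            # truncated frame, ignore it
    dst = frame[:6]
    if dst == local_mac:
        return "local"
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:             # I/G bit set: group (multicast) address
        return "multicast"
    return "other_unicast"

def summarize(frames, local_mac: bytes) -> Counter:
    return Counter(dst_class(f, local_mac) for f in frames)

def diagnose(counts: Counter) -> str:
    """What the destination mix says about the capture vantage point."""
    seen = sum(v for k, v in counts.items() if k != "short")
    if seen == 0:
        return "no frames: bpf device or interface is not capturing at all"
    if counts["other_unicast"] == 0:
        # Only our own unicast plus broadcast/multicast: bpf works, but the
        # switch never forwards other hosts' unicast traffic to this port.
        return "switched port: only traffic to this host (need a mirror port or hub)"
    return "shared segment or mirror port: other hosts' unicast is visible"

def mk_frame(dst_hex, src_hex, ethertype=0x0800, payload=b"\x00" * 46):
    return bytes.fromhex(dst_hex) + bytes.fromhex(src_hex) + ethertype.to_bytes(2, "big") + payload

LOCAL_MAC = bytes.fromhex("00a0c9112233")                        # the sniffing host (constructed)
SWITCHED_CAPTURE = [                                             # what a plain switch port shows
    mk_frame("00a0c9112233", "0010a4aabbcc"),                    # to us
    mk_frame("ffffffffffff", "0010a4aabbcc", ethertype=0x0806),  # ARP broadcast
    mk_frame("00a0c9112233", "0050da001122"),                    # to us
]
SHARED_CAPTURE = SWITCHED_CAPTURE + [                            # hub or mirror port
    mk_frame("0050da001122", "0010a4aabbcc"),                    # host A -> host B
]
if __name__ == "__main__":
    for name, cap in (("switched", SWITCHED_CAPTURE), ("shared", SHARED_CAPTURE)):
        print(name, diagnose(summarize(cap, LOCAL_MAC)))
```

On a live system the same classification can be run over frames read from the bpf device or a tcpdump -w file; the heuristic only needs the 14-byte Ethernet header.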