Date: Mon, 31 Jan 2000 15:31:40 -0600
From: "Jonathan E. Lyons" <parrothd@midwest.net>
To: nathan <beemern@ksu.edu>, "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: Re: berkeley packet filter doesn't work??
Message-ID: <3.0.5.32.20000131153140.0092e100@midwest.net>
In-Reply-To: <3895FD1F.D204FF6E@ksu.edu>

At 03:22 PM 1/31/00 -0600, nathan wrote:
>I am trying to do some scanning of our office LAN to look for potential
>security breaches (eg. plaintext user/pass combinations thru SAMBA, POP
>auth, etc) and for inappropriate web browsing (eg. porn, hate sites,
>etc)
>
>however... when i run tcpdump, ethereal, readsmb, etc. --> all i see
>are the packets that have the host/destination address of my computer
>(the one i'm running these apps on)
>
>i have the appropriate line in my kernel config for the Berkeley Packet
>Filter
>    pseudo-device bpfilter 4
>
>and i did the ol
>    sh MAKEDEV bpf0
>
>plus.. if bpf isn't config'd properly, those apps won't even RUN
>
>all i'm wanting to do is scan the traffic of the approximate 20 machines
>that we have connected through a 100 mbit/s 3com switch

Umm....I'd check the switch..(Trying to remember the definition of a
switch)..But if it's a nice one, it's probably only routing the packets
destined for your mac address to you, and not all packets on the
network... :)

>
>my questions-->
>
>1) am i incorrect in my understanding of bpf??
>
>2) if so, what in the hell good is berkeley packet filter if i can't see
>any other packets 'sides those coming to/from my computer explicitly??
>
>3) how can i correct this so i can see ALL (or at least MORE) of the
>LAN traffic??
>
>TIA!!
>
>

Jonathan E. Lyons            parrothd@midwest.net
Nucleus Consulting           ICQ # 14226912
www.nucleusconsulting.com    Cell # 773-251-1967
A+, MCSE, CCNA, FreeBSD!
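
Added example, not part of the original message: one way to confirm the switch explanation given in the reply is to classify the destination MAC of every frame in a `tcpdump -e -n` text capture. The function names, MAC addresses, interface name and sample lines below are constructed for illustration.

```python
import re
from collections import Counter

# Ethernet header as printed by `tcpdump -e -n`: "<time> <src> > <dst>, ..."
MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
FRAME_RE = re.compile(rf"^\S+\s+{MAC} > {MAC},", re.IGNORECASE)

def classify(src, dst, local_mac):
    """Bucket one frame relative to the capturing host's MAC address."""
    src, dst, local_mac = src.lower(), dst.lower(), local_mac.lower()
    if dst == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    if int(dst[:2], 16) & 1:  # group bit set in the first octet
        return "multicast"
    if local_mac in (src, dst):
        return "own_unicast"
    return "foreign_unicast"

def summarize(lines, local_mac):
    """Count frames per bucket; lines without a link-level header are 'unparsed'."""
    counts = Counter()
    for line in lines:
        m = FRAME_RE.match(line.strip())
        counts[classify(m.group(1), m.group(2), local_mac) if m else "unparsed"] += 1
    return counts

def verdict(counts):
    if counts["foreign_unicast"]:
        # A switch also floods unicast for MACs it has not learned yet, so a
        # handful of foreign frames is not proof of a hub or a mirror port.
        return "foreign unicast seen: shared segment, mirror port, or flooding"
    if counts["own_unicast"] + counts["broadcast"] + counts["multicast"]:
        return "only own unicast plus broadcast/multicast: consistent with a switch port"
    return "no frames parsed"

# Constructed sample: locally administered MACs, private addresses (assumptions).
LOCAL_MAC = "02:00:00:00:00:01"
SAMPLE = [
    "tcpdump: listening on xl0",
    "15:22:01.000101 02:00:00:00:00:01 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.168.1.10.1025 > 192.168.1.1.110: Flags [S], length 0",
    "15:22:01.000350 02:00:00:00:00:fe > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 74: 192.168.1.1.110 > 192.168.1.10.1025: Flags [S.], length 0",
    "15:22:02.410000 02:00:00:00:00:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.12, length 46",
    "15:22:03.020000 02:00:00:00:00:03 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.13, length 46",
    "15:22:04.500000 02:00:00:00:00:fe > 01:00:5e:00:00:01, ethertype IPv4 (0x0800), length 60: 192.168.1.1 > 224.0.0.1: igmp query v2",
]

if __name__ == "__main__":
    result = summarize(SAMPLE, LOCAL_MAC)
    print(dict(result))
    print(verdict(result))
```

A capture from the setup described in the original question would fall into the second verdict: frames between other hosts never reach the capturing port, so BPF has nothing more to deliver.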