Date: Wed, 29 May 1996 11:33:40 -0400 (EDT)
From: Rashid Karimov <rashid@rk.ios.com>
To: zgabor@CoDe.hu (Gabor Zahemszky)
Cc: freebsd-questions@freebsd.org, sparkles@leland.Stanford.EDU
Subject: Re: Does FreeBSD have tcpdump?
Message-ID: <199605291533.LAA23294@rk.ios.com>
In-Reply-To: <199605291151.LAA01732@CoDe.CoDe.hu> from "Gabor Zahemszky" at May 29, 96 11:51:40 am

> > I need tcpdump (or basically anything that will put the network
> > card in promiscuous mode), because I am writing some traffic analysis
> > software. Is this software written for FreeBSD?
>
> I don't know, is it written for FreeBSD (I think - no, it's written for
> a previous version of BSD), but it's in the original installed version.
> So try to run it (it's in the /usr/sbin directory), but before:
>   1) generate a new kernel with packet-filter configured
>   2) make the packet-filter devices with /dev/MAKEDEV
>   3) man bpf
>   4) man tcpdump
>
> --
> Gabor Zahemszky <zgabor@CoDe.hu>

Yes, it does work just fine.
One can even write a simple traffic analyzer (a very useful thing
actually), which will parse tcpdump output. Perl is cool for this ...
I have a very simple thing here which parses a 3.000.000 packet
sniff in about 40 minutes on a PPro 200, splits it down to protos
(TCP/UDP), services (ftp vs http vs nntp etc), machines (received/sent
at proto level and service level), client groups (sent/received by
this POP vs that POP, transit traffic vs intra AS).

Rashid

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605291533.LAA23294>
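
The kind of tcpdump-output analyzer the reply above describes, as an added example that is not the poster's Perl script: it is written in Python and splits traffic by protocol, service and machine. The `tcpdump -n -q` IPv4 line format, the constructed sample lines, the port-to-service table and the function names are all assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the style of `tcpdump -n -q` IPv4 output.
SAMPLE = """\
11:33:40.000001 IP 10.0.0.5.51234 > 192.0.2.10.80: tcp 100
11:33:40.000002 IP 192.0.2.10.80 > 10.0.0.5.51234: tcp 1460
11:33:40.000003 IP 10.0.0.7.40000 > 192.0.2.53.53: UDP, length 29
11:33:40.000004 IP 10.0.0.5.51300 > 192.0.2.21.21: tcp 12
11:33:40.000005 ARP, Request who-has 10.0.0.1 tell 10.0.0.5, length 28
11:33:40.000006 IP 10.0.0.8.1025 > 192.0.2.119.119: tcp 0
"""

# timestamp, "IP", src.port > dst.port:, then "tcp N" or "UDP, length N"
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?:(?P<tcp>tcp) (?P<tlen>\d+)|UDP, length (?P<ulen>\d+))"
)

# Assumed mapping of well-known ports to the services named in the message.
SERVICES = {21: "ftp", 53: "domain", 80: "http", 119: "nntp"}

def service(sport, dport):
    """Name the service by whichever side uses a well-known port."""
    for port in (dport, sport):
        if port in SERVICES:
            return SERVICES[port]
    return "other"

def analyze(text):
    """Sum payload bytes per protocol, service and host; count unparsed lines."""
    stats = {k: Counter() for k in ("proto", "service", "sent", "received")}
    stats["skipped"] = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE.match(line)
        if m is None:  # ARP, IPv6, truncated lines: count them, do not guess
            stats["skipped"] += 1
            continue
        size = int(m["tlen"] if m["tcp"] else m["ulen"])
        stats["proto"]["TCP" if m["tcp"] else "UDP"] += size
        stats["service"][service(int(m["sport"]), int(m["dport"]))] += size
        stats["sent"][m["src"]] += size
        stats["received"][m["dst"]] += size
    return stats

if __name__ == "__main__":
    result = analyze(SAMPLE)
    for key in ("proto", "service", "sent", "received"):
        print(key, dict(result[key]))
    print("skipped lines:", result["skipped"])
```

Tracking the skipped count matters on a real capture: a large value means the regular expression does not match the tcpdump version or options in use, and the totals should not be trusted.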