From owner-freebsd-questions Wed May 29 08:35:41 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id IAA11520 for questions-outgoing; Wed, 29 May 1996 08:35:41 -0700 (PDT)
Received: from rk.ios.com (rk.ios.com [198.4.75.55]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id IAA11513 for ; Wed, 29 May 1996 08:35:35 -0700 (PDT)
Received: (from rashid@localhost) by rk.ios.com (8.6.11/8.6.9) id LAA23294; Wed, 29 May 1996 11:33:40 -0400
From: Rashid Karimov
Message-Id: <199605291533.LAA23294@rk.ios.com>
Subject: Re: Does FreeBSD have tcpdump?
To: zgabor@CoDe.hu (Gabor Zahemszky)
Date: Wed, 29 May 1996 11:33:40 -0400 (EDT)
Cc: freebsd-questions@freebsd.org, sparkles@leland.Stanford.EDU
In-Reply-To: <199605291151.LAA01732@CoDe.CoDe.hu> from "Gabor Zahemszky" at May 29, 96 11:51:40 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>
> > I need tcpdump (or basically anything that will put the network
> > card in promiscuous mode), because I am writing some traffic analysis
> > software. Is this software written for FreeBSD?
>
> I don't know, is it written for FreeBSD (I think - no, it's written for
> a previous version of BSD), but it's in the original installed version.
> So try to run it (it's in the /usr/sbin directory), but before:
> 1) generate a new kernel with packet-filter configured
> 2) make the packet-filter devices with /dev/MAKEDEV
> 3) man bpf
> 4) man tcpdump
>
> --
> Gabor Zahemszky

Yes, it does work just fine. One can even write a simple traffic analyzer (a very useful thing actually), which will parse tcpdump output. Perl is cool for this ...
I have a very simple thing here which parses a 3.000.000 packets sniff in about 40 minutes on a PPro 200, and splits it down to protos (TCP/UDP), services (ftp vs http vs nntp etc.), machines (received/sent at proto level and service level), and client groups (sent/received by this POP vs that POP, transit traffic vs intra AS).

Rashid
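
A sketch of the kind of analyzer described in the message above, as an added example that is not part of the original post and is not the poster's script. It is written in Python rather than the Perl the message mentions, assumes text output in the style of `tcpdump -n -q -tt`, and the sample lines, port table and `pop-a`/`pop-b` group networks are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the style of `tcpdump -n -q -tt` text output (not a real capture).
SAMPLE = """\
833383000.100000 IP 10.1.1.5.1045 > 192.0.2.10.80: tcp 512
833383000.200000 IP 192.0.2.10.80 > 10.1.1.5.1045: tcp 1460
833383000.300000 IP 10.1.1.7.1050 > 192.0.2.20.21: tcp 24
833383000.400000 IP 10.2.2.9.1060 > 192.0.2.30.119: tcp 300
833383000.500000 IP 10.1.1.5.1070 > 192.0.2.53.53: UDP, length 40
833383000.600000 ARP, Request who-has 10.1.1.1 tell 10.1.1.5, length 28
"""

# Assumed line shape: "<ts> IP <src>.<sport> > <dst>.<dport>: tcp <len>" or "... UDP, length <len>"
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"(?:tcp (?P<tlen>\d+)|UDP, length (?P<ulen>\d+))")

SERVICES = {21: "ftp", 53: "dns", 80: "http", 119: "nntp"}  # well-known ports
# Hypothetical client groups (the "this POP vs that POP" split); anything else is external.
GROUPS = {"pop-a": ipaddress.ip_network("10.1.0.0/16"),
          "pop-b": ipaddress.ip_network("10.2.0.0/16")}

def group_of(host):
    addr = ipaddress.ip_address(host)
    return next((name for name, net in GROUPS.items() if addr in net), "external")

def summarize(lines):
    """Aggregate payload bytes per protocol, service, host and client group."""
    stats = {k: Counter() for k in ("proto", "service", "sent", "received", "group")}
    stats["skipped"] = 0
    for line in lines:
        m = LINE.match(line)
        if not m:  # ARP, ICMP, truncated lines: count them instead of guessing
            stats["skipped"] += 1
            continue
        proto = "tcp" if m["tlen"] is not None else "udp"
        size = int(m["tlen"] if proto == "tcp" else m["ulen"])
        # The service is whichever end of the flow uses a well-known port.
        service = SERVICES.get(int(m["dport"])) or SERVICES.get(int(m["sport"]), "other")
        stats["proto"][proto] += size
        stats["service"][service] += size
        stats["sent"][m["src"]] += size
        stats["received"][m["dst"]] += size
        stats["group"][group_of(m["src"]), "sent"] += size
        stats["group"][group_of(m["dst"]), "received"] += size
    return stats
```

Calling `summarize(SAMPLE.splitlines())` returns the per-category byte counters; for a live capture, pass it the lines read from the tcpdump process instead.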