Date: Mon, 31 Jan 2000 15:33:02 -0600
From: Stephen <sdk@yuck.net>
To: nathan <beemern@ksu.edu>
Cc: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: Re: berkeley packet filter doesn't work??
Message-ID: <20000131153302.A26971@visi.com>
In-Reply-To: <3895FD1F.D204FF6E@ksu.edu>; from nathan on Mon, Jan 31, 2000 at 03:22:39PM -0600
References: <3895FD1F.D204FF6E@ksu.edu>

On Mon, Jan 31, 2000 at 03:22:39PM -0600, nathan wrote:
> I am trying to do some scanning of our office LAN to look for potential
> security breaches (eg. plaintext user/pass combinations thru SAMBA, POP
> auth, etc) and for inappropriate web browsing (eg. porn, hate sites,
> etc)
>
> however... when i run tcpdump, ethereal, readsmb, etc. --> all i see
> are the packets that have the host/destination address of my computer
> (the one i'm running these apps on)
>
> i have the appropriate line in my kernel config for the Berkeley Packet
> Filter
>     pseudo-device bpfilter 4
>
> and i did the ol
>     sh MAKEDEV bpf0
>
> plus.. if bpf isn't config'd properly, those apps won't even RUN
>
> all i'm wanting to do is scan the traffic of the approximate 20 machines
> that we have connected through a 100 mbit/s 3com switch
>
> my questions-->
>
> 1) am i incorrect in my understanding of bpf??
>
> 2) if so, what in the hell good is berkeley packet filter if i can't see
> any other packets 'sides those coming to/from my computer explicitly??
>
> 3) how can i correct this so i can see ALL (or at least MORE) of the
> LAN traffic??
>
> TIA!!
>

1) yes

2) you're using a switch, which "routes" on the mac layer. You'll only
see your own traffic and broadcasts.

3) dig out the switch manual. There might be a way to enable your port
to see all the traffic.

-- 
sdk@yuck.net
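
Added example (not part of the original message): a minimal Python model of a MAC-learning switch, showing which frames reach a sniffer's port with and without the port being set up to receive all traffic, as answer 3 suggests. The port numbers, MAC addresses, traffic and the mirror_to option are constructed for illustration; a unicast frame to a not-yet-learned MAC is also flooded, which is why a capture on a switched port occasionally shows a stray frame for another host.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Forwards frames by destination MAC, as a layer-2 switch does."""
    def __init__(self, ports, mirror_to=None):
        self.ports = set(ports)
        self.mirror_to = mirror_to   # hypothetical mirror/monitor port setting
        self.mac_table = {}          # learned source MAC -> port

    def forward(self, in_port, src, dst):
        """Return the set of ports the frame is sent out of."""
        self.mac_table[src] = in_port
        if dst == BROADCAST or dst not in self.mac_table:
            out = self.ports - {in_port}          # broadcast/unknown: flood
        else:
            out = {self.mac_table[dst]} - {in_port}
        if self.mirror_to is not None and in_port != self.mirror_to:
            out |= {self.mirror_to}               # copy every frame to the mirror
        return out

def frames_seen(switch, sniffer_port, frames):
    """Frames a promiscuous capture on sniffer_port would record."""
    seen = []
    for in_port, src, dst in frames:
        out = switch.forward(in_port, src, dst)
        if in_port == sniffer_port or sniffer_port in out:
            seen.append((src, dst))
    return seen

# Constructed sample: sniffer A on port 1, hosts B, C, D on ports 2-4.
A, B, C, D = ("02:00:00:00:00:0" + x for x in "abcd")
TRAFFIC = [
    (2, B, BROADCAST),  # B broadcasts (e.g. ARP): flooded to every port
    (3, C, B),          # C answers B: B is learned, goes to port 2 only
    (2, B, C),          # B -> C session: goes to port 3 only
    (1, A, BROADCAST),  # the sniffer's own broadcast
    (3, C, A),          # unicast addressed to the sniffer
    (2, B, D),          # D has not been learned yet, so this one is flooded
]

def compare():
    plain = frames_seen(LearningSwitch([1, 2, 3, 4]), 1, TRAFFIC)
    mirrored = frames_seen(LearningSwitch([1, 2, 3, 4], mirror_to=1), 1, TRAFFIC)
    return plain, mirrored

if __name__ == "__main__":
    plain, mirrored = compare()
    print("no mirror: %d of %d frames" % (len(plain), len(TRAFFIC)))
    print("mirror on sniffer port: %d of %d frames" % (len(mirrored), len(TRAFFIC)))
```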