From owner-freebsd-isp  Mon Oct  7 13:51:10 1996
Return-Path: owner-isp
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id NAA27398
          for isp-outgoing; Mon, 7 Oct 1996 13:51:10 -0700 (PDT)
Received: from tahoma.cwu.edu (skynyrd@tahoma.cwu.edu [198.104.65.220])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id NAA27393
          for <freebsd-isp@FreeBSD.org>; Mon, 7 Oct 1996 13:51:07 -0700 (PDT)
Received: by tahoma.cwu.edu; id AA01981; Mon, 7 Oct 1996 13:48:02 -0700
Date: Mon, 7 Oct 1996 13:48:02 -0700 (PDT)
From: Chris Timmons <skynyrd@tahoma.cwu.edu>
To: Dev Chanchani <dev@trifecta.com>
Cc: freebsd-isp@FreeBSD.org
Subject: Re: BPF
In-Reply-To: <Pine.BSF.3.91.961007135109.11531A-100000@www.trifecta.com>
Message-Id: <Pine.OSF.3.95.961007134406.8277D-100000@tahoma.cwu.edu>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk


man pcap
man tcpdump

cd /usr/src/usr.sbin/tcpdump/tcpdump; more *.c

:)

This is a very good start.  Stevens TCP Illustrated v1 and possibly v2
might also be of interest to you. 

-Chris

On Mon, 7 Oct 1996, Dev Chanchani wrote:

> I was doing some tinkering with the /dev/bpf device.
> 
> My understanding is that reading from the bpf device gives you a raw dump 
> of the data over the network.
> 
> You will have a bpf header (18 bytes?)
> Then I need to know the ip_offset for packets comming
> in over the ed1 network interface so I can start calculating
> how much traffic is going to what address based on the ip header.
> 
> Any help would be appreciated.
> 
>