From owner-freebsd-isp Mon Oct 7 14:28:53 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id OAA00660 for isp-outgoing; Mon, 7 Oct 1996 14:28:53 -0700 (PDT) Received: from www.trifecta.com (www.trifecta.com [206.245.150.3]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id OAA00652 for ; Mon, 7 Oct 1996 14:28:44 -0700 (PDT) Received: (from dev@localhost) by www.trifecta.com (8.7.5/8.6.12) id RAA12461; Mon, 7 Oct 1996 17:29:06 -0400 (EDT) Date: Mon, 7 Oct 1996 17:29:06 -0400 (EDT) From: Dev Chanchani To: Chris Timmons cc: freebsd-isp@FreeBSD.org Subject: Re: BPF In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-isp@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk Chris, I looked at the tcpdump source code and did not find what I was looking for. It must be in there somewhere, guess I will take another gander. As well as Stevens Programming Books (I have the Network Programming), would that be BSD specific (deal with /dev/bpf?) Thanks, Dev On Mon, 7 Oct 1996, Chris Timmons wrote: > > man pcap > man tcpdump > > cd /usr/src/usr.sbin/tcpdump/tcpdump; more *.c > > :) > > This is a very good start. Stevens TCP Illustrated v1 and possibly v2 > might also be of interest to you. > > -Chris > > On Mon, 7 Oct 1996, Dev Chanchani wrote: > > > I was doing some tinkering with the /dev/bpf device. > > > > My understanding is that reading from the bpf device gives you a raw dump > > of the data over the network. > > > > You will have a bpf header (18 bytes?) > > Then I need to know the ip_offset for packets comming > > in over the ed1 network interface so I can start calculating > > how much traffic is going to what address based on the ip header. > > > > Any help would be appreciated. > > > > > >