From owner-freebsd-security  Tue Feb  2 13:03:51 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA02662
          for freebsd-security-outgoing; Tue, 2 Feb 1999 13:03:51 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns.ge.com (ns.ge.com [192.35.39.24])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA02634
          for <security@FreeBSD.ORG>; Tue, 2 Feb 1999 13:03:47 -0800 (PST)
          (envelope-from steve.combs@indsys.ge.com)
Received: from thomas.ge.com (thomas-o.ge.com [10.47.28.21])
	by ns.ge.com (8.9.1/8.9.1) with ESMTP id QAA16099;
	Tue, 2 Feb 1999 16:02:26 -0500 (EST)
Received: from carsdb.salem.ge.com (carsdb.salem.ge.com [3.29.7.15])
	by thomas.ge.com (8.9.1/8.9.1) with ESMTP id QAA11014;
	Tue, 2 Feb 1999 16:02:26 -0500 (EST)
Received: from indsys.ge.com (combssf.salem.ge.com [3.29.24.77])
	by carsdb.salem.ge.com (8.8.8/8.8.8) with ESMTP id QAA06557;
	Tue, 2 Feb 1999 16:02:24 -0500 (EST)
Message-ID: <36B767DF.1848F5E4@indsys.ge.com>
Date: Tue, 02 Feb 1999 16:02:23 -0500
From: "Stephen F. Combs" <steve.combs@indsys.ge.com>
Organization: GE Industrial Systems, Global Security
X-Mailer: Mozilla 4.5 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Bill Woodford <woodford@cc181716-a.hwrd1.md.home.com>
CC: ML FreeBSD Security <security@FreeBSD.ORG>
Subject: Re: tcpdump
References: <19990202153458.A1152@cc181716-a.hwrd1.md.home.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

You need to build a kernel with bpfilter enabled.  I've run tcpdump on a
3c509 board many times (it's NOT a true network sniffer, but, it does
allow you to look at packets intercepted by your '509 board!).

Steve Combs
Security Analyst
GE Industrial Systems


Bill Woodford wrote:
> 
> Forgive my ignorance, but I built tcpdump (3.4a3) and libcap (0.4a1) and
> it built beautifully.  I read the docs, and that mentioned a few things to
> watch out for.  However, when I run tcpdump (as root), it gives me:
> 
> tcpdump: /dev/bpf0: Device not configured
> 
> I did a little reading, and realize it's possible that my NIC may not
> support it (it's a 3com 3c509 combo), but how would one tell.  Can anyone
> enlighten me as to the true nature of this error?  Im running natd/ipfw,
> would that interfere with the functioning of tcpdump?  Any help would be
> appreciated.  Thanks.
> 
> --
> Bill Woodford * woodford@cc181716-a.hwrd1.md.home.com * ICQ:14076169
>      "Windows Multitasking: Messing up several things at once."
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message