From owner-freebsd-questions  Wed Nov 12 05:35:22 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id FAA04361
          for questions-outgoing; Wed, 12 Nov 1997 05:35:22 -0800 (PST)
          (envelope-from owner-freebsd-questions)
Received: from BIGFUN.vwcom.com (BIGFUN.vwcom.com [151.197.101.21])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id FAA04356
          for <questions@FreeBSD.ORG>; Wed, 12 Nov 1997 05:35:19 -0800 (PST)
          (envelope-from bmc@WillsCreek.COM)
Received: from WillsCreek.COM (gw.willscreek.com [151.197.101.46])
	by BIGFUN.vwcom.com (8.8.6/8.8.6) with ESMTP id IAA05993
	for <questions@FreeBSD.ORG>; Wed, 12 Nov 1997 08:30:31 -0500 (EST)
Received: from current.willscreek.com (current.willscreek.com [172.16.87.1])
	by WillsCreek.COM (8.8.5/8.8.5) with ESMTP id IAA15664
	for <questions@FreeBSD.ORG>; Wed, 12 Nov 1997 08:35:15 -0500 (EST)
Received: (from bmc@localhost)
	by current.willscreek.com (8.8.5/8.8.5) id IAA01633;
	Wed, 12 Nov 1997 08:35:15 -0500 (EST)
Date: Wed, 12 Nov 1997 08:35:15 -0500 (EST)
Message-Id: <199711121335.IAA01633@current.willscreek.com>
From: Brian Clapper <bmc@WillsCreek.COM>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: questions@FreeBSD.ORG
Subject: Re: newbie question: tcpdump problem
In-Reply-To: <52454419@toto.iv>
X-Mailer: VM 6.23 under Emacs 19.34.1
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Feiyi Wang wrote:

> Hi, there
>
> Just get 2.2.5 installed, try to run "tcpdump", but it said /dev/bpf0 :
> device not configured. So I run MAKEDEV bpf0 to create a device, still
> not working. Anybody help me out?

You're missing the `bpf' pseudo-device driver from your kernel.  You need
to add a `pseudo-device bpf ...' line to your kernel configuration. and
rebuild your kernel.

Here's a relevant excerpt from the FreeBSD Handbook:
(`http://WWW.FreeBSD.ORG/handbook/handbook48.html#kernelconfig:network')

        pseudo-device bpfilter number

             Berkeley packet filter. This pseudo-device allows network
             interfaces to be placed in promiscuous mode, capturing every
             packet on a broadcast network (e.g. an ethernet). These
             packets can be captured to disk and/or examined with the
             tcpdump(1) program. Note that implementation of this
             capability can seriously compromise your overall network
             security. The number after bpfilter is the number of
             interfaces that can be examined simultaneously. Optional, not
             recommended except for those who are fully aware of the
             potential pitfalls. Not all network cards support this
             capability.

-----
Brian Clapper, bmc@WillsCreek.COM, http://WWW.WillsCreek.COM/
Make no little plans. They have no Magic to stir Men's blood.
        -- D. B. Hudson