Date: Mon, 7 Oct 1996 13:48:02 -0700 (PDT) From: Chris Timmons <skynyrd@tahoma.cwu.edu> To: Dev Chanchani <dev@trifecta.com> Cc: freebsd-isp@FreeBSD.org Subject: Re: BPF Message-ID: <Pine.OSF.3.95.961007134406.8277D-100000@tahoma.cwu.edu> In-Reply-To: <Pine.BSF.3.91.961007135109.11531A-100000@www.trifecta.com>
next in thread | previous in thread | raw e-mail | index | archive | help
man pcap man tcpdump cd /usr/src/usr.sbin/tcpdump/tcpdump; more *.c :) This is a very good start. Stevens TCP Illustrated v1 and possibly v2 might also be of interest to you. -Chris On Mon, 7 Oct 1996, Dev Chanchani wrote: > I was doing some tinkering with the /dev/bpf device. > > My understanding is that reading from the bpf device gives you a raw dump > of the data over the network. > > You will have a bpf header (18 bytes?) > Then I need to know the ip_offset for packets comming > in over the ed1 network interface so I can start calculating > how much traffic is going to what address based on the ip header. > > Any help would be appreciated. > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.OSF.3.95.961007134406.8277D-100000>