Date: Thu, 3 Feb 2000 23:22:56 +0100
From: Guido van Rooij <guido@gvr.org>
To: lists@security.za.net
Cc: hackers@freebsd.org
Subject: Re: IPFW / IP Filter question
Message-ID: <20000203232256.A66818@gvr.gvr.org>
In-Reply-To: <Pine.BSF.4.10.10002032327020.3527-100000@security.za.net>; from lists@security.za.net on Thu, Feb 03, 2000 at 11:28:49PM +0200
References: <Pine.BSF.4.10.10002032327020.3527-100000@security.za.net>

On Thu, Feb 03, 2000 at 11:28:49PM +0200, lists@security.za.net wrote:
> A quick question, is it possible to copy all traffic coming into a
> particular interface to a divert socket, while still having the traffic
> also running normally and taking normal routes etc.
>
> I would have thought you would use the tee option in ipfw for this, but
> it's not implemented yet according to my man pages, so I was wondering if
> there was another way to do this, cause it makes traffic analysis a hell
> of a lot easier if I can do this rather than having to sniff it with bpf
> or something.

I can't answer this for ipfw (though IIRC there does exist a tee option
in -current for ipfw).

With ipfilter you can dup all traffic to an alternate device, like a
tunnel device. e.g.:

    pass in on lo0 dup-to tun0 from localhost to localhost

or:

    pass in on lo0 dup-to ed0:1.2.3.4 from localhost to localhost

where 1.2.3.4 is a machine on the same lan as ed0.

-Guido
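
Added example (not part of the message above and not ipfilter code): a small consumer for the copies that a "dup-to tun0" rule delivers, turning each IPv4 packet into a summary for traffic analysis. It assumes the tun device returns bare IP packets with no address-family prefix; the device path, the function names and the sample packet are constructed for illustration.

```python
import os
import socket
import struct
import sys

def ip_checksum(header: bytes) -> int:
    """RFC 1071 checksum; returns 0 over a header whose checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def summarize(packet: bytes) -> dict:
    """Parse one bare IPv4 packet (no link-layer header) into a summary."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    vihl, _, length, _, frag, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "length": length,
            "checksum_ok": ip_checksum(packet[:ihl]) == 0,
            "sport": None, "dport": None}
    # Ports exist only in the first fragment of a TCP (6) or UDP (17) packet.
    if proto in (6, 17) and frag & 0x1FFF == 0 and len(packet) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return info

def sample_packet() -> bytes:
    """Constructed sample: UDP 127.0.0.1:5353 -> 127.0.0.1:53, 4-byte payload."""
    payload = struct.pack("!HHHH", 5353, 53, 12, 0) + b"test"
    lo = socket.inet_aton("127.0.0.1")
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      1, 0, 64, 17, 0, lo, lo)
    # Fill in the header checksum computed over the header with a zero field.
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path of the tun device, e.g. /dev/tun0 (assumed)
        fd = os.open(sys.argv[1], os.O_RDONLY)
        while True:  # each read on a tun device returns one whole packet
            print(summarize(os.read(fd, 65535)))
    else:  # no device given: run on the constructed sample packet
        print(summarize(sample_packet()))
```

Run without arguments it parses the constructed sample; given a device path it summarizes whatever the dup-to rule copies there.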