Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 31 Jan 2000 23:05:30 -0500
From:      Ben WIlliams <williamsl@Home.Com>
To:        nathan <beemern@ksu.edu>
Cc:        FreeBSD questions <freebsd-questions@freebsd.org>
Subject:   Re: berkeley packet filter doesn't work??
Message-ID:  <13962.000131@Home.Com>
In-Reply-To: <3895FD1F.D204FF6E@ksu.edu>
References:  <3895FD1F.D204FF6E@ksu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
                                                    Monday, January 31, 2000
   In order to be able to see the packets from other computers you will
either have to have the BSD machine as a gateway through which all traffic
passes or (possibly? BPF hackers correct me here) have all the other NICs set
to promiscuous mode.
   I also think you'll have to have a BPF device for each NIC you want to spy
on. (BPF hackers?)

--Ben.

Monday, January 31, 2000, 16:22:39, you wrote:

n> I am trying to do some scanning of our office LAN to look for potential
n> security breaches (eg. plaintext user/pass combinations thru SAMBA, POP
n> auth, etc) and for inappropriate web browsing (eg. porn, hate sites,
n> etc)

n> however... when i run tcpdump, ethereal, readsmb, etc.  --> all i see
n> are the packets that have the host/destination address of my computer
n> (the one i'm running these apps on)

n> i have the appropriate line in my kernel config for the Berkely Packet
n> Filter
n>     pseudo-device bpfilter 4

n> and i did the ol
n>     sh MAKEDEV bpf0

n> plus.. if bpf isn't config'd properly, those apps won't even RUN

n> all i'm wanting to do is scan the traffic of the approximate 20 machines
n> that we have connected through a 100 mbit/s 3com switch

my questions-->>

n> 1) am i incorrect in my understanding of bpf??

n> 2) if so, what in the hell good is berkeley packet filter if i can't see
n> any other packets 'sides those coming to/from my computer explicitly??

n> 3) how can i correct this so i can see ALL (or at least MORE) of the
n> LAN traffic??

n> TIA!!





n> To Unsubscribe: send mail to majordomo@FreeBSD.org
n> with "unsubscribe freebsd-questions" in the body of the message



--
 Ben                                      mailto:williamsl@Home.Com




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?13962.000131>