Subject: Re: non-standard way to capture network traffic
To: Vlad GALU <vladgalu@gmail.com>
From: Tonnerre <tonnerre@thundrix.ch>
List: tech-kern
Date: 09/24/2005 14:19:54
--qDbXVdCdHGoSgWSk
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Salut,
On Sat, Sep 24, 2005 at 03:12:46PM +0300, Vlad GALU wrote:
> > This can probably be done easiest by using pf and pflogd. Just drop and
> > log all packets on the interface, and disable outgoing just for not hav=
ing
> > to bother with it. If the processor is fast enough...
>=20
> That's overkill. Why not simply use bpf ? It's fast enough for most
> needs, be they hardcore or not.
Does bpf have an easy way to intercept the relevant headers from every
packet and write them into a tcpdumpable file?
Tonnerre
--qDbXVdCdHGoSgWSk
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (NetBSD)
iD8DBQFDNURqXUVlAbfmNMIRAiFkAJ9cGjCpcSxczYQRI8jgHINJzftntwCfYypf
SbmbUxP6lwXiD7DbzvNvF08=
=IjPc
-----END PGP SIGNATURE-----
--qDbXVdCdHGoSgWSk--