Re: Is there a FreeBSD equivalent of 'tcpdump -i any' from Linux?
- In reply to: Zane C B-H : "Re: Is there a FreeBSD equivalent of 'tcpdump -i any' from Linux?"
Date: Thu, 03 Aug 2023 10:58:08 UTC
On 02.08.2023 06:49, Zane C B-H wrote:
> Replacement for daemonlogger given it is dead upstream and no one else
> has picked up development. On Linux the same can easily be accomplished
> via tcpdump and the pcap rotation options and then just removing
> old files based on age/disk usage. Unfortunately FreeBSD lacks support
> for '-i any'. In many ways settled upon tcpdump as it is not likely to
> just stop being developed.
>
> Netgraph looks semiworkable via one2many and setting the interfaces on
> the many side or promisc, but this also creates the issue of the
> listening interface can also transmit. That said looks like putting the
> connected ng_iface in monitor mode at creation should solve that. Been
> looking at that on and off today trying to wrap my head around netgraph.

You also can implement DLT_PKTAP or DLT_LINUX_SLL linktypes through some
pseudo network driver, then modify the ETHER_BPF_MTAP() macro, probably make
some tweaks for tcpdump and you will get what you need. It seems not so hard.

--
WBR, Andrey V. Elsukov
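For reference, the DLT_LINUX_SLL record that such a pseudo driver would have to hand to BPF looks like this. The code is an added userspace illustration, not part of the original message and not FreeBSD or tcpdump code; `eth_to_sll()` and its parameters are hypothetical names, and the header layout follows libpcap's published LINUX_SLL format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DLT_LINUX_SLL 113  /* link-type value used by libpcap */
#define SLL_HDR_LEN   16   /* fixed-size "cooked" header */
#define ETH_HDR_LEN   14
#define ETH_ALEN      6

/* sll_pkttype values defined for DLT_LINUX_SLL */
enum { SLL_HOST = 0, SLL_BROADCAST = 1, SLL_MULTICAST = 2,
       SLL_OTHERHOST = 3, SLL_OUTGOING = 4 };

static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/*
 * eth_to_sll() is a hypothetical helper: it rewrites one Ethernet frame as a
 * DLT_LINUX_SLL record (16-byte header + payload). if_mac is the MAC of the
 * interface the frame was seen on. Returns bytes written, or 0 on bad input.
 */
size_t eth_to_sll(const uint8_t *eth, size_t eth_len, int outgoing,
                  const uint8_t if_mac[ETH_ALEN], uint8_t *out, size_t out_cap)
{
    static const uint8_t bcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
    if (!eth || !if_mac || !out || eth_len < ETH_HDR_LEN)
        return 0;                                /* runt frame or NULL pointer */
    size_t payload_len = eth_len - ETH_HDR_LEN;
    if (out_cap < SLL_HDR_LEN + payload_len)
        return 0;                                /* never write past the buffer */

    uint16_t pkttype;
    if (outgoing)                                pkttype = SLL_OUTGOING;
    else if (memcmp(eth, bcast, ETH_ALEN) == 0)  pkttype = SLL_BROADCAST;
    else if (eth[0] & 0x01)                      pkttype = SLL_MULTICAST;
    else if (memcmp(eth, if_mac, ETH_ALEN) == 0) pkttype = SLL_HOST;
    else                                         pkttype = SLL_OTHERHOST;

    uint16_t proto = (uint16_t)((eth[12] << 8) | eth[13]);
    if (proto < 0x0600)
        proto = 0x0004;                          /* length field: LINUX_SLL_P_802_2 */

    memset(out, 0, SLL_HDR_LEN);                 /* zero-pads the 8-byte address */
    put_be16(out + 0, pkttype);                  /* sll_pkttype */
    put_be16(out + 2, 1);                        /* sll_hatype = ARPHRD_ETHER */
    put_be16(out + 4, ETH_ALEN);                 /* sll_halen */
    memcpy(out + 6, eth + ETH_ALEN, ETH_ALEN);   /* sll_addr = sender MAC */
    put_be16(out + 14, proto);                   /* sll_protocol */
    memcpy(out + SLL_HDR_LEN, eth + ETH_HDR_LEN, payload_len);
    return SLL_HDR_LEN + payload_len;
}
```

The cooked header drops the destination MAC and carries no interface name, so a capture merged this way cannot tell which interface a packet arrived on.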