Re: Is there a FreeBSD equivalent of 'tcpdump -i any' from Linux?

From: Andrey V. Elsukov <bu7cher_at_yandex.ru>
Date: Thu, 03 Aug 2023 10:58:08 UTC
On 02.08.2023 06:49, Zane C B-H wrote:
> Replacement for daemonlogger given it is dead upstream and no one else 
> has picked up development. On Linux the same can easily be accomplished 
> via tcpdump and the pcap rotation options and then just using removing 
> old files based on age/disk usage. Unfortunately FreeBSD lacks support 
> for '-i any'. In many ways settled upon tcpdump as it is not likely to 
> just stopped be developed.
> 
> Netgraph looks semiworkable via one2many and setting the interfaces on 
> the many side or promisc, but this also creates the issue of the 
> listening interface can also transmit. That said looks like putting the 
> connected ng_iface in monitor mode at creation should solve that. Been 
> looking at that on and off today trying to wrap my head around netgraph.

You also can implement DLT_PKTAP or DLT_LINUX_SLL linktypes through some 
pseudo network driver, then modify ETHER_BPF_MTAP() macro, probably make 
some tweaks for tcpdump and you will get what you need. It seems not so 
hard.

-- 
WBR, Andrey V. Elsukov