Re: Is there a FreeBSD equivalent of 'tcpdump -i any' from Linux?

In reply to: Zane C B-H : "Is there a FreeBSD equivalent of 'tcpdump -i any' from Linux?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Stefan Zehl <sec_at_42.org>
Date: Thu, 03 Aug 2023 14:53:03 UTC

Hi,

On Tue, Aug 01, 2023 at 13:21 -0500, Zane C B-H wrote:
> So what is a good way to get all packets passing through that the kernel 
> currently sees? Apparently any is not support on non-Linux systems and 
> pflog would require adding log to all rules. Similarly only logs packets 
> that match a rule.

What I've done in the path is make an if_brige(4) bridge0 interface, put
that into monitor mode and joined all the interfaces needed to it.
Worked quite well for me.

CU,
    Sec
-- 
There are too many priorities. One has to prioritize priorities. -- Wietse