The following instructions are applicable to Tru64 UNIX
(formerly Digital UNIX (formerly DEC OSF/1)) version 4.0, and
probably to later versions as well; at least some options apply to
Digital UNIX 3.2 - perhaps all do.

In order to use kernel packet filtering on this system, you have
to configure it as follows:

Kernel configuration
--------------------

The packet filtering kernel option must be enabled at kernel
installation. If it was not, you can rebuild the kernel with
"doconfig -c" after adding the following line to the kernel
configuration file (/sys/conf/<HOSTNAME>):

    option PACKETFILTER

or use "doconfig" without any arguments to add the packet filter driver
option via the kernel option menu (see the system administration
documentation for information on how to do this).

Device configuration
--------------------

Devices used for packet filtering must be created with
the following command (executed in the /dev directory):

    ./MAKEDEV pfilt

Interface configuration
-----------------------

In order to capture all packets on a network, you may want to allow
applications to put the interface on that network into "local copy"
mode, so that tcpdump can see packets sent by the host on which it's
running as well as packets received by that host, and to put the
interface into "promiscuous" mode, so that tcpdump can see packets on
the network segment not sent to the host on which it's running, by using
the pfconfig(1) command:

    pfconfig +c +p <network_device>

or allow applications to put any interface into "local copy" or
"promiscuous" mode by using the command:

    pfconfig +c +p -a

Note: all instructions given require root privileges.

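A pre-flight check for the steps above, as an added example that is not
part of the original README: it verifies root privileges and looks for an
active PACKETFILTER option line in the kernel configuration file.
Assumptions: the function names, the upper-case short host name used as the
file name, "#" as the comment character, and acceptance of the spelling
"options" as well as "option".

```shell
#!/bin/sh
# Added example, not part of the original README.
# Assumptions: the config file is named after the short host name in upper
# case, "#" starts a comment, and "options" is accepted as well as "option".
# Usage (after sourcing this file): preflight [config_file]

# Print the expected kernel configuration file path for this host.
kernel_config_path() {
    short=$(hostname | cut -d. -f1 | tr '[:lower:]' '[:upper:]')
    printf '/sys/conf/%s\n' "$short"
}

# Return 0 if the file has an active (uncommented) PACKETFILTER option line,
# 1 if it does not, 2 if the file cannot be read.
has_packetfilter() {
    [ -r "$1" ] || return 2
    sed 's/#.*//' "$1" |
        grep -Eq '^[[:space:]]*options?[[:space:]]+PACKETFILTER([[:space:]]|$)'
}

# Return 0 if running as root, which every step in the README requires.
is_root() {
    [ "$(id -u)" -eq 0 ]
}

# Report on both prerequisites; return non-zero if either one is missing.
preflight() {
    conf=${1:-$(kernel_config_path)}
    status=0
    if is_root; then
        echo "ok: running as root"
    else
        echo "fail: root privileges required"
        status=1
    fi
    has_packetfilter "$conf" && rc=0 || rc=$?
    case $rc in
        0) echo "ok: PACKETFILTER enabled in $conf" ;;
        2) echo "fail: cannot read $conf"; status=1 ;;
        *) echo "fail: no PACKETFILTER option in $conf; add it, then run doconfig -c"
           status=1 ;;
    esac
    return $status
}
```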