The following instructions are applicable to Tru64 UNIX (formerly Digital UNIX (formerly DEC OSF/1)) version 4.0, and probably to later versions as well; at least some options apply to Digital UNIX 3.2 - perhaps all do. In order to use kernel packet filtering on this system, you have to configure it in such a way: Kernel configuration -------------------- The packet filtering kernel option must be enabled at kernel installation. If it was not the case, you can rebuild the kernel with "doconfig -c" after adding the following line in the kernel configuration file (/sys/conf/<HOSTNAME>): option PACKETFILTER or use "doconfig" without any arguments to add the packet filter driver option via the kernel option menu (see the system administration documentation for information on how to do this). Device configuration -------------------- Devices used for packet filtering must be created thanks to the following command (executed in the /dev directory): ./MAKEDEV pfilt Interface configuration ----------------------- In order to capture all packets on a network, you may want to allow applications to put the interface on that network into "local copy" mode, so that tcpdump can see packets sent by the host on which it's running as well as packets received by that host, and to put the interface into "promiscuous" mode, so that tcpdump can see packets on the network segment not sent to the host on which it's running, by using the pfconfig(1) command: pfconfig +c +p <network_device> or allow application to put any interface into "local copy" or "promiscuous" mode by using the command: pfconfig +c +p -a Note: all instructions given require root privileges.