On Thu, Feb 03, 2000 at 11:28:49PM +0200, [EMAIL PROTECTED] wrote:
> A quick question, is it possible to copy all traffic coming into a
> particular interface to a divert socket, while still having the traffic
> also running normally and taking normal routes etc.
>
> I would have thought you would use the tee option in ipfw for this, but
> its not implemented yet according to my man pages, so I was wondering if
> there was another way to do this, cause it makes traffic analysis a hell
> of a lot easier if I can do this rather than having to sniff it with bpf
> or something.
I can;t answer this for ipfw (though IIRC there does exist a tee option
in -current for ipfw).
With ipfilter you can dup al traffic to an alternate device, like a tunnel
device.
e.g:
pass in on lo0 dup-to tun0 from localhost to localhost
or:
pass in on lo0 dup-to ed0:1.2.3.4 from localhost to localhost
where 1.2.3.4 is a machine on the same lan as ed0.
-Guido
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
