> I have compiled libpcap for use on FreeBSD 3.3
...which comes standard with libpcap, so you're presumably doing that to
get the added capabilities of the tcpdump.org libpcap.
> and am trying to set up LaBrea.
>
> I get the following error:
>
> pcap_open_live(xl0): /dev/bpf1: No such file or directory
>
> I do have /dev/bpf0
>
> What would be the configure option I might pass to fix this?
The first configure option is the
pseudo-device bpfilter
option in your kernel configuration file. If the count after
"pseudo-device bpfilter" is 1, change it to 2, reconfigure, rebuild the
kernel, and reboot with the new kernel.
Then make sure you have "/dev/bpf1" as well; if you don't, you may have
to do
MAKEDEV bpf1
in the "/dev" directory.
Then it should be able to open "/dev/bpf1".
> It looks for /dev/bpf0 whether i try to access xl0 or xl1.
The unit number on the BPF device has nothing whatsoever to do with the
unit number of the network interface on which you're capturing.
BPF has one or more BPF devices available; a BPF device can only be
opened once - if two programs are both going to use BPF, they have to
open separate BPF devices.
If you have only one BPF device on your machine, then only one program
can use BPF at a time; if you have some other process running on your
system that's using BPF (which could be a system daemon), and have only
one BPF device available on your system, you won't be able to run any
other program that uses BPF while that process is running.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
