Friday, August 11, 2006

Create BPF device

Sometimes you need more than one bpf interface to run your network monitoring applications, especially if you are using IDSes like Bro-IDS and Snort alongside other tools such as trafshow. You may then run into problems where a bpf interface does not exist or permission is denied. In that case you can create the bpf interface manually before running those kinds of applications. Log in as root and run:

shell>cd /dev; mknod bpf5 c 0 0

Now you will find that bpf5 has been created under the /dev directory. Changing its permission to 744 will most probably let you run the network monitoring application without problems.

By the way, this applies to FreeBSD and OpenBSD.

Peace :]
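
An added example, not part of the original post: a small POSIX sh audit of the bpf nodes in a directory, checking that each one is a character device and flagging any that are readable or writable by "other", as a node set to mode 744 would be, since read access to a bpf device is what allows packet capture. The function names classify_mode and audit_bpf_dir are hypothetical, and treating group access as acceptable is an assumption.

```shell
#!/bin/sh
# Added example: audit bpf device nodes such as the /dev/bpf5 created above.

# classify_mode takes the mode string printed by `ls -l` (e.g. crw-------)
# and prints one verdict: not-char-device, world-accessible or ok.
classify_mode() {
    mode=$1
    case $mode in
        c*) ;;                                   # character special file
        *)  echo "not-char-device"; return 0 ;;
    esac
    # Characters 8-10 of the mode string are the "other" permission bits.
    other=$(printf '%s' "$mode" | cut -c8-10)
    case $other in
        r*|?w*) echo "world-accessible" ;;       # any local user can open it
        *)      echo "ok" ;;
    esac
}

# audit_bpf_dir prints "<path> <mode> <verdict>" for every bpf* entry in the
# given directory (default /dev). It returns 1 when no bpf node exists, the
# condition behind errors such as "Can't find free bpf".
audit_bpf_dir() {
    dir=${1:-/dev}
    found=0
    for node in "$dir"/bpf*; do
        [ -e "$node" ] || continue               # glob matched nothing
        found=1
        mode=$(ls -ld "$node" | awk '{print $1}')
        printf '%s %s %s\n' "$node" "$mode" "$(classify_mode "$mode")"
    done
    if [ "$found" -eq 0 ]; then
        echo "no bpf nodes in $dir"
        return 1
    fi
}

# Run against /dev, or against the directory given as the first argument.
audit_bpf_dir "${1:-/dev}" || true
```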


Richard Bejtlich said...

I don't think you need this on FreeBSD anymore.

From the mknod man page:

The mknod utility is deprecated on modern FreeBSD systems.

Anonymous said...

I usually create a handful of extras like this:

'cd /dev; for i in `echo {10..20}`; do ./MAKEDEV bpf$i; done'

Joe said...

Why do you need multiple bpf devices?

kbcz said...

For example, if you have dhcpd serving multiple subnets, by default you can only have a few.

You get errors like this in the log:
"dhcpd[16592]: Can't find free bpf: No such file or directory"