SUMMARY: TCP dump

From: Nikola Milutinovic <Nikola.Milutinovic_at_ev.co.yu>
Date: Wed, 11 Oct 2000 07:58:08 +0200

Hi folks.

Problem solved. It appears that "copy-all" has to be set in pfconfig if
you want to snoop your own traffic. So, if I understand correctly,

pfconfig +p enables the PacketFilter to set promiscuous mode
                (it has to be enabled explicitly by ifconfig)

pfconfig +c enables copy-all mode, which is essential if you
                   want to snoop yourself.

I have tried this, but was impatient. For some reason, I have a time
delay in operations when I try to snoop. I'll clarify. I've set the
following:

# pfconfig +p +c tu1
# ifconfig tu1 promisc
# tcpdump -i tu1 'port 143'

Then I started Netscape and connected to my IMAP server. There was a 10
second delay before tcpdump started printing output. After about 5
seconds Netscape made the connection. Like packets were buffered
internally and INet kernel subsystem was not getting them. This happens
only when tcpdump is active. And it only happens the first time, like it
has to "warm up", or something...

Any idea on these time delays?

Nix.
-- 
"/Earth is 98% full.  Please delete anyone you can."
Received on Wed Oct 11 2000 - 05:54:53 NZDT
