From Hackepedia
Jump to navigationJump to search

BPF is the Berkeley Packet Filter. It allows inspection and injection of OSI layer 2 frames. Typical implementations using BPF are pppoe, dhcpd and tcpdump. For layers 3 and above it's wise to use sockets since the code dealing with complex things such as IP fragmentation, routing, etc is already provided.

Sniffing & Privacy

BPF is the interface for sniffing traffic that either gets forwarded through the UNIX host or passed to it by means of a monitor on a switch or router. Since this operation is simple for an administrator or another party having access to the wire it is recommended by everyone with a clue to use cryptography in communication.