
Berkeley Packet Filter

Vangie Beal
Last Updated May 24, 2021 7:36 am
The Berkeley Packet Filter (BPF) is a new architecture for user-level packet capture. BPF provides a raw interface to data link layers in a protocol-independent fashion. All packets on the network, even those destined for other hosts, are accessible through this mechanism.

The packet filter appears as a character special device, /dev/bpf0, /dev/bpf1 and so on. After opening the device, the file descriptor must be bound to a specific network interface. A given interface can be shared by multiple listeners, and the filter underlying each descriptor will see an identical packet stream. A separate device file is required for each minor device.

[Adapted from FreeBSD Man Pages]
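The open-then-bind sequence described above, as an added C example that is not taken from the FreeBSD man pages. The names `bpf_open_free`, `bpf_bind`, `BPF_MAX_MINOR` and the default interface `em0` are assumptions made for illustration; `BIOCSETIF` is the BPF ioctl that attaches a descriptor to an interface.

```c
#include <sys/types.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__)
#include <sys/time.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>
#include <net/bpf.h>
#define HAVE_BPF_DEV 1
#endif
#define BPF_MAX_MINOR 255                /* assumed upper bound on minors to probe */

/* Try devdir/bpf0, devdir/bpf1, ... in order. EBUSY means another listener
 * already holds that minor, so move to the next. Returns an fd, or -1. */
int bpf_open_free(const char *devdir, char *path, size_t pathlen)
{
    for (int n = 0; n <= BPF_MAX_MINOR; n++) {
        if (snprintf(path, pathlen, "%s/bpf%d", devdir, n) >= (int)pathlen) {
            errno = ENAMETOOLONG;
            return -1;
        }
        int fd = open(path, O_RDONLY);   /* capture only needs read access */
        if (fd >= 0) return fd;
        if (errno != EBUSY) return -1;   /* ENOENT, EACCES, ...: stop probing */
    }
    return -1;
}

/* Bind an opened descriptor to exactly one network interface. */
int bpf_bind(int fd, const char *ifname)
{
#ifdef HAVE_BPF_DEV
    struct ifreq ifr;
    if (strlen(ifname) >= sizeof ifr.ifr_name) { errno = ENAMETOOLONG; return -1; }
    memset(&ifr, 0, sizeof ifr);
    snprintf(ifr.ifr_name, sizeof ifr.ifr_name, "%s", ifname);
    return ioctl(fd, BIOCSETIF, &ifr);
#else
    (void)fd; (void)ifname;
    errno = ENOSYS;                      /* no /dev/bpf interface on this OS */
    return -1;
#endif
}

int main(int argc, char **argv)
{
    char path[64];
    int fd = bpf_open_free("/dev", path, sizeof path);
    if (fd < 0) { perror("open bpf"); return 1; }
    if (bpf_bind(fd, argc > 1 ? argv[1] : "em0") < 0) { perror("BIOCSETIF"); return 1; }
    printf("%s bound\n", path); close(fd); return 0;
}
```

Because a bound descriptor sees every packet on the interface, an `EACCES` from the open call is the expected result for an unprivileged user on a host where the device nodes are restricted to root or a dedicated capture group.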