* The packet filter appears as a character special device, /dev/bpf0, /dev/bpf1 and so on. After opening the device, the file descriptor must be bound to a specific network interface. A given interface can be shared by multiple listeners, and the filter underlying each descriptor will see an identical packet stream. A separate device file is required for each minor device. * [Adapted from FreeBSD Man Pages]
Table of Contents
The Berkeley Packet Filter (BPF) is a new architecture for user-level packet capture. BPF provides a raw interface to data link layers in a protocol-independent fashion. All packets on the network, even those destined for other hosts, are accessible through this mechanism.
