The Berkeley Packet Filter (BPF) is a new architecture for user-level packet capture. BPF provides a raw interface to data link layers in a protocol-independent fashion. All packets on the network, even those destined for other hosts, are accessible through this mechanism.
The packet filter appears as a character special device, /dev/bpf0, /dev/bpf1 and so on. After opening the device, the file descriptor must be bound to a specific network interface. A given interface can be shared by multiple listeners, and the filter underlying each descriptor will see an identical packet stream. A separate device file is required for each minor device. [Adapted from FreeBSD Man Pages]
Filtering IDS Packets: The simplest and most efficient way to extract needed data from the ever-growing database logging these packets is to use a combination of Berkeley packet filters (bpf) and bitmask filters.

Manual Reference Pages - BPF: Includes a BPF synopsis, overview, header and filter information, along with examples, files, and bugs.

The BSD Packet Filter (PDF): The BSD Packet Filter (BPF) uses a new, register-based filter evaluator that is up to 20 times faster than the original design. BPF also uses a straightforward buffering strategy that makes its overall performance up to 100 times faster than Sun's NIT running on the same hardware.