Cyber Security Expo
Berkeley Packet Filters - The Basics by Jeff Stebelton on 20/08/08

What are Berkeley Packet Filters? BPFs are a raw (protocol independent) socket interface to the data link layer that allows filtering of packets in a very granular fashion.

Support for BPF is compiled into the kernel in UNIX like hosts, or if not, libpcap/Winpcap allows this to be done at user mode level. If done via user mode, all packets are copied up from the interface and not just the ones the filter specifies.

BPF were first introduced in 1990 by Steven McCanne of Lawrence Berkeley Laboratory, according the FreeBSD man page on bpf2.

This document is in PDF format. To view it click here.

Rate this article

All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , All rights reserved. Comments are property of the respective posters.