Ethereal-users: Re: [Ethereal-users] Filtering problem

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 12 Apr 2002 11:06:08 -0700
On Fri, Apr 12, 2002 at 04:24:11PM +0200, Adrian Mahdavi wrote:
> I need som info about the Ethereal.
> I have a machine, running Linux with two Network cards one is fxp1 which is
> connected
> to an internal Network and fxp0 which is connected to an external network.
> I run FreeBSD on this machine.

Well, you may have a machine running Linux, but the machine with fxp0
and fxp1 is running BSD of some sort, not Linux, as the interfaces would
be eth0 and eth1 on Linux.

> Now the problem: how can I prevent ARP requests from being sent through the
> tunnel.
> I need some filtering mechanism in my bridge to filter ARP requests.
> 
> Can I use Ethereal?

If you mean "can I use Ethereal as a filtering mechanism to keep the
bridge from filtering ARP requests", the answer is "no".  Ethereal is a
packet sniffer, not a filtering program that passes packets through it.

You would need to use some other mechanism.  Can you, for example,
somehow stick a netgraph module into the data path for the bridge?  If
so, I think there's a BPF netgraph module; the BPF code generated for
the tcpdump/Ethereal/etc. capture filter "not arp" would reject ARP
packets and pass non-ARP packets.