Berkeley Packet Filters – The Basics

by Jeff Stebelton
Oct. 2, 2017 0 comments Infosecwriters Detection & Response

What are Berkeley Packet Filters? BPF’s are a raw (protocol independent) socket interface to the data link layer that allows filtering of packets in a very granular fashion1. BPF were first introduced in 1990 by Steven McCanne of Lawrence Berkeley Laboratory, according the FreeBSD man page on bpf2.

http://www.infosecwriters.com/Papers/JStebelton_Berkeley.pdf