Shimomura on BPF, NSA and Crypto:
One of the tools I modified for my work was a sophisticated piece of software called the Berkeley Packet Filter. ... Unlike the original BPF, my version was designed to bury ^^^^^^^^^^^^^^^^^^^^^^^ itself inside the operating system of a computer and watch for certain information as it flowed through the computer from the Internet. When a packet from a certain address, or for that matter any other desired piece of information designated by the user flashed by, BPF would grab it and place it in a file where it could be kept for later viewing.
This is *exactly* what BPF does, always did and was designed to do. As for writing the packets to a file, everything but opening and closing the file are described in the man page. You could code it in 10 lines. +----------------------------------+-----------------------------------------+ |Julian Assange | "if you think the United States has | |FAX: +61-3-9819-9066 | stood still, who built the largest | |EMAIL: proff@suburbia.net | shopping centre in the world?" - Nixon | +----------------------------------+-----------------------------------------+