From: Shane Hickey
To: freebsd-questions@freebsd.org
Subject: 9th field in ipmon logs
Date: 13 Nov 2002 17:20:00 -0700

Howdy all,

I just replaced my Cisco PIX 506 firewall with a 5/66 FreeBSD box and I'm feeling fine. I'm wading through the logs generated by ipmon and I need to know where I can get some in-depth answers on the 9th field (tcp flags and such). The man page explains a little bit and then refers you to the manpage for ipf.conf. Well, I don't have any such manpage. Or if I do, I'm blind.

Anyway, I understand the tcp flags part, but what are the numbers that come afterwards? For example, I'm guessing that an entry ending with "-A 972648548 385190336 53352 IN" is an ACK packet, but what do those numbers stand for? The IN is because it is an inbound packet?

Next I need to get my FreeBSD box to talk IPSec 3DEC to a Cisco PIX 525. Can anyone give any pointers in that direction?

Thanks,
Shane