Date: Wed, 28 Dec 2022 17:22:05 -0800
From: "Lyndon Nerenberg (VE7TFX/VE6BBM)" <lyndon@orthanc.ca>
To: Dan Mack <mack@macktronics.com>
Cc: freebsd-current@freebsd.org
Subject: Re: native recording of all network connections on freebsd
Message-ID: <1a196a2a8d9034d8@orthanc.ca>
In-Reply-To: <b2ea51ee-3944-b8d7-e0a8-8e4f16ebb8f@macktronics.com>
References: <b2ea51ee-3944-b8d7-e0a8-8e4f16ebb8f@macktronics.com>

Dan Mack writes:

> I'm wondering if anyone can help point me at a good way to continuously
> capture every inbound and outbound connection made to a freebsd system.

Assuming "connection" means "log every TCP connection setup", probably
the quickest way is to tcpdump every TCP packet with both SYN and ACK
set. That will log one packet for every TCP connection that is
established with the system. It won't capture anything for connection
attempts that fail. If you want that as well, just log everything with
SYN set. If you do the latter you will also collect the background
noise from people port scanning you and attempting other nefarious
deeds.

--lyndon
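
The two capture modes described in the message above, written out as tcpdump filters. This is an added example, not part of the original e-mail; the function names and the interface name `em0` are illustrative. The IPv6 clauses are an addition that assumes no extension headers sit between the IPv6 header and TCP, since `tcp[...]` byte offsets in pcap filters match IPv4 only on many libpcap versions.

```sh
#!/bin/sh
# Added example: pcap filters for the two logging modes in the message.

# conn_filter MODE -> prints a pcap filter expression on stdout.
#   established : segments with both SYN and ACK set, i.e. one logged
#                 packet per TCP connection that is actually set up
#   attempts    : every segment with SYN set; this also records failed
#                 attempts and port-scan noise
conn_filter() {
    case "$1" in
        established)
            v4='tcp[tcpflags] & (tcp-syn|tcp-ack) == (tcp-syn|tcp-ack)'
            # ip6[6] is the next-header field (6 = TCP); ip6[53] is the
            # TCP flags byte: 40-byte IPv6 header + offset 13 in TCP.
            v6='ip6[6] == 6 and ip6[53] & 0x12 == 0x12'
            ;;
        attempts)
            v4='tcp[tcpflags] & tcp-syn != 0'
            v6='ip6[6] == 6 and ip6[53] & 0x02 != 0'
            ;;
        *)
            echo "usage: conn_filter established|attempts" >&2
            return 2
            ;;
    esac
    printf '(%s) or (%s)\n' "$v4" "$v6"
}

# log_connections MODE IFACE -> run tcpdump until interrupted (needs root).
#   -n     no name resolution, so logging never blocks on DNS
#   -l     line-buffered output, suitable for piping into a log file
#   -tttt  print a full date and time on every line
log_connections() {
    filter=$(conn_filter "$1") || return
    tcpdump -n -l -tttt -i "$2" "$filter"
}

# Example invocation: sh connlog.sh established em0 >> /var/log/tcpconn.log
if [ "$#" -ge 2 ]; then
    log_connections "$1" "$2"
fi
```

Both inbound and outbound connections are covered in the `established` mode, because the SYN+ACK segment crosses the interface whichever side opened the connection.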