Date: Thu, 29 Dec 2022 03:58:02 +0200
From: Damjan Jovanovic <damjan.jov@gmail.com>
To: Dan Mack <mack@macktronics.com>
Cc: freebsd-current@freebsd.org
Subject: Re: native recording of all network connections on freebsd
Message-ID: <CAJm2B-mq3=8YOY9vgKPYxFDENRkwsWXmqLnvWPc36pXjn4ejAA@mail.gmail.com>
In-Reply-To: <b2ea51ee-3944-b8d7-e0a8-8e4f16ebb8f@macktronics.com>
References: <b2ea51ee-3944-b8d7-e0a8-8e4f16ebb8f@macktronics.com>

On Wed, Dec 28, 2022 at 4:21 PM Dan Mack <mack@macktronics.com> wrote:

> I'm wondering if anyone can help point me at a good way to continuously
> capture every inbound and outbound connection made to a freebsd system.
> I'd prefer a way that is native in base if possible. I don't really want
> to record all the packets, just the src:dest:rport:dport stats.
>
> Happy to RTFM as well,
>
> Dan

Another possibility is to enable Netflow in ipfw (there is an ipfw_netflow service), which submits periodic reports of all connections made and their data usage, and then collect and process the Netflow data using a Netflow server.

Or develop a custom Netgraph service that examines packets and logs connections. This would even work in the absence of any firewall.

Damjan
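
The collector side of the Netflow approach in the reply above, as an added example that is not code from either poster or from FreeBSD: it decodes one export datagram into the src:dest:sport:dport tuples the original question asks for. It assumes the export uses the NetFlow version 5 layout; the sample datagram and its addresses are constructed.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                  # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")   # 48-byte v5 flow record
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_v5(datagram):
    """Return one dict per flow record; raise ValueError on malformed input."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # Never trust the exporter-supplied count beyond the bytes actually received.
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    flows = []
    for i in range(count):
        (src, dst, _hop, _in, _out, pkts, octets, _first, _last, sport, dport,
         _flags, proto, _tos, _sas, _das, _sm, _dm) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({"proto": PROTO.get(proto, str(proto)),
                      "src": socket.inet_ntoa(src), "sport": sport,
                      "dst": socket.inet_ntoa(dst), "dport": dport,
                      "packets": pkts, "bytes": octets})
    return flows

def format_flow(f):
    """One log line per flow: proto src:sport -> dst:dport plus counters."""
    return (f"{f['proto']} {f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} "
            f"pkts={f['packets']} bytes={f['bytes']}")

def sample_datagram():
    """Constructed test export: two flows using documentation addresses."""
    def rec(src, dst, sport, dport, proto, pkts, octets):
        return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                           socket.inet_aton("0.0.0.0"), 1, 2, pkts, octets,
                           100, 200, sport, dport, 0x1b, proto, 0, 0, 0, 24, 24)
    return (HEADER.pack(5, 2, 1000, 1672279082, 0, 0, 0, 0, 0)
            + rec("192.0.2.10", "198.51.100.7", 51514, 443, 6, 12, 3400)
            + rec("198.51.100.9", "192.0.2.10", 40000, 53, 17, 1, 76))

if __name__ == "__main__":
    for flow in parse_v5(sample_datagram()):
        print(format_flow(flow))
```

A flow record is emitted when the exporter expires the flow, so a log built this way lags the connection itself.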
