Date:      Thu, 29 Dec 2022 03:58:02 +0200
From:      Damjan Jovanovic <damjan.jov@gmail.com>
To:        Dan Mack <mack@macktronics.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: native recording of all network connections on freebsd
Message-ID:  <CAJm2B-mq3=8YOY9vgKPYxFDENRkwsWXmqLnvWPc36pXjn4ejAA@mail.gmail.com>
In-Reply-To: <b2ea51ee-3944-b8d7-e0a8-8e4f16ebb8f@macktronics.com>
References:  <b2ea51ee-3944-b8d7-e0a8-8e4f16ebb8f@macktronics.com>

On Wed, Dec 28, 2022 at 4:21 PM Dan Mack <mack@macktronics.com> wrote:

>
> I'm wondering if anyone can help point me at a good way to continuously
> capture every inbound and outbound connection made to a freebsd system.
> I'd prefer a way that is native in base if possible. I don't really want
> to record all the packets, just the src:dest:rport:dport stats.
>
> Happy to RTFM as well,
>
> Dan
>
>
Another possibility is to enable Netflow in ipfw (there is an ipfw_netflow
service), which submits periodic reports of all connections made and their
data usage, and then collect and process the Netflow data using a Netflow
server.

Or develop a custom Netgraph service that examines packets and logs
connections. This would even work in the absence of any firewall.

Damjan
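
As an added example (not part of the original message): a minimal collector-side parser that reduces NetFlow export datagrams to the src:dest:sport:dport tuples asked for in the thread. It assumes the exporter sends NetFlow version 5, which the message does not specify; the function names and the sample datagram are constructed for illustration.

```python
import ipaddress
import struct

# NetFlow v5 wire layout: 24-byte header, then `count` 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
MAX_RECORDS = 30  # a v5 export datagram carries at most 30 records


def parse_v5(datagram: bytes) -> list[dict]:
    """Return one dict per flow record; reject malformed datagrams."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # UDP input is untrusted: the declared count must match the real length.
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"implausible record count {count}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match declared record count")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "sport": f[9], "dport": f[10],
            "proto": f[13], "packets": f[5], "octets": f[6],
        })
    return flows


def connection_line(flow: dict) -> str:
    """Format a flow as src:dest:sport:dport plus protocol and byte count."""
    return "{src}:{dst}:{sport}:{dport} proto={proto} bytes={octets}".format(**flow)


def _record(src, dst, sport, dport, proto, pkts, octets):
    a = lambda ip: ipaddress.IPv4Address(ip).packed
    return RECORD.pack(a(src), a(dst), a("0.0.0.0"), 1, 2, pkts, octets,
                       1000, 2000, sport, dport, 0, 0x1B, proto, 0, 0, 0, 0, 0, 0)


# Constructed sample datagram (documentation addresses), not captured traffic.
SAMPLE = HEADER.pack(5, 2, 123456, 1672279082, 0, 1, 0, 0, 0) \
    + _record("192.0.2.10", "198.51.100.5", 51514, 443, 6, 12, 4096) \
    + _record("198.51.100.7", "192.0.2.10", 40000, 53, 17, 1, 76)

if __name__ == "__main__":
    for flow in parse_v5(SAMPLE):
        print(connection_line(flow))
```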



