Date:      Wed, 28 Dec 2022 18:31:01 -0800
From:      Bakul Shah <bakul@iitbombay.org>
To:        Dan Mack <mack@macktronics.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: native recording of all network connections on freebsd
Message-ID:  <4CC0832A-5852-43A2-ACD6-802BFD9E9BDA@iitbombay.org>
In-Reply-To: <b2ea51ee-3944-b8d7-e0a8-8e4f16ebb8f@macktronics.com>
References:  <b2ea51ee-3944-b8d7-e0a8-8e4f16ebb8f@macktronics.com>

On Dec 28, 2022, at 6:21 AM, Dan Mack <mack@macktronics.com> wrote:
>
> I'm wondering if anyone can help point me at a good way to continuously
> capture every inbound and outbound connection made to a freebsd system.
> I'd prefer a way that is native in base if possible. I don't really
> want to record all the packets, just the src:dest:rport:dport stats.

I'd build a simple program using pcap(3), and compile a bpf program
using pcap_compile and then do pcap_setfilter to capture just the
packets I want. Then save the desired fields from captured packets
(and use a hashtable if just {src,dst}{ip,port} are wanted). There
are online examples one can start from.
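
The per-packet step described in the reply above (save the {src,dst}{ip,port} fields and use a hashtable), as an added example that is not part of the original message. It handles only IPv4/TCP over Ethernet; parse_tuple, record, the table size and the sample frame are assumptions made here, and the pcap_compile/pcap_setfilter capture setup is left out so the block runs offline.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Connection key: 12 bytes with no padding, so memcmp() compares it exactly. */
struct conn { uint8_t src[4], dst[4]; uint16_t sport, dport; };
#define NSLOT 4096                       /* table size is an arbitrary choice */
static struct conn table[NSLOT];
static uint8_t used[NSLOT];

/* Pull the 4-tuple out of an Ethernet/IPv4/TCP frame; -1 for anything else. */
int parse_tuple(const uint8_t *p, size_t len, struct conn *c) {
    if (len < 14 + 20 || p[12] != 0x08 || p[13] != 0x00) return -1;
    const uint8_t *ip = p + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;      /* IP options move the TCP header */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return -1;
    if ((ip[6] & 0x1f) || ip[7]) return -1;       /* later fragment: no TCP header */
    if (len < 14 + ihl + 4) return -1;            /* capture ends before the ports */
    memcpy(c->src, ip + 12, 4);
    memcpy(c->dst, ip + 16, 4);
    c->sport = (uint16_t)((ip[ihl] << 8) | ip[ihl + 1]);
    c->dport = (uint16_t)((ip[ihl + 2] << 8) | ip[ihl + 3]);
    return 0;
}

/* Insert into the hash table: 1 = new tuple, 0 = seen before, -1 = table full. */
int record(const struct conn *c) {
    uint32_t h = 2166136261u;                     /* FNV-1a over the key bytes */
    for (size_t i = 0; i < sizeof *c; i++) h = (h ^ ((const uint8_t *)c)[i]) * 16777619u;
    for (unsigned i = 0, s = h % NSLOT; i < NSLOT; i++, s = (s + 1) % NSLOT) {
        if (!used[s]) { table[s] = *c; used[s] = 1; return 1; }
        if (memcmp(&table[s], c, sizeof *c) == 0) return 0;
    }
    return -1;
}

/* Constructed sample frame: 192.0.2.10:51000 -> 198.51.100.5:22 (not real traffic). */
static const uint8_t sample[] = {
    0,0,0,0,0,1, 0,0,0,0,0,2, 0x08,0x00,  0x45,0,0,40, 0,0,0x40,0, 64,6,0,0,
    192,0,2,10, 198,51,100,5,  0xc7,0x38, 0x00,0x16
};

int main(void) {   /* in a real tool this loop body is the pcap_loop() callback */
    struct conn c;
    for (int i = 0; i < 2; i++)                   /* same frame twice, logged once */
        if (parse_tuple(sample, sizeof sample, &c) == 0 && record(&c) == 1)
            printf("%u.%u.%u.%u:%u -> %u.%u.%u.%u:%u\n", c.src[0], c.src[1], c.src[2],
                c.src[3], c.sport, c.dst[0], c.dst[1], c.dst[2], c.dst[3], c.dport);
    return 0;
}
```

When wired to libpcap, pass the callback's packet pointer and the header's caplen (not len) so truncated captures are rejected by the length checks.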


