Date: Thu, 29 Dec 2022 10:13:24 +0100
From: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
To: freebsd-current@freebsd.org
Subject: Re: native recording of all network connections on freebsd
Message-ID: <a0c64a7b-84cc-9e95-b894-ac2bc231ecb3@plan-b.pwste.edu.pl>
In-Reply-To: <CAJm2B-mq3=8YOY9vgKPYxFDENRkwsWXmqLnvWPc36pXjn4ejAA@mail.gmail.com>
References: <b2ea51ee-3944-b8d7-e0a8-8e4f16ebb8f@macktronics.com> <CAJm2B-mq3=8YOY9vgKPYxFDENRkwsWXmqLnvWPc36pXjn4ejAA@mail.gmail.com>

On 29.12.2022 at 02:58, Damjan Jovanovic wrote:
> On Wed, Dec 28, 2022 at 4:21 PM Dan Mack <mack@macktronics.com> wrote:
>
>> I'm wondering if anyone can help point me at a good way to continuously
>> capture every inbound and outbound connection made to a freebsd system.
>> I'd prefer a way that is native in base if possible. I don't really want
>> to record all the packets, just the src:dest:rport:dport stats.
>>
>> Happy to RTFM as well,
>>
>> Dan
>
> Another possibility is to enable Netflow in ipfw (there is an
> ipfw_netflow service), which submits periodic reports of all
> connections made and their data usage, and then collect and process
> the Netflow data using a Netflow server.
>
> Or develop a custom Netgraph service that examines packets and logs
> connections. This would even work in the absence of any firewall.

Such a node exists: ng_netflow(4), and it works flawlessly.

--
Marek Zarychta