From: dawnshade
To: freebsd-stable@freebsd.org, anton@nikiforov.ru
Cc: stable@freebsd.org
Date: Wed, 26 Oct 2005 10:53:27 +0400
Subject: Re: pf and short packets
Message-Id: <200510261053.27853.dawnshade@mail.ru>
In-Reply-To: <435E85AB.3070701@nikiforov.ru>

On Tuesday 25 October 2005 23:21, Anton Nikiforov wrote:
>  tcpdump -n -e -ttt -x -i pflog0 host 127.0.0.1
> 000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535
>          0x0000:  4600 002c 6605 4000 0306 11c5 7f00 0001  F..,f.@.........
>          0x0010:  7f00 0001 0100 0000 0202 0283 8129 5dab  .............)].
>          0x0020:  5db7 f2f2 5010 ffff 7dce 0000            ]...P...}...
> 000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535
>          0x0000:  4600 002c d21d 4000 0306 a5ac 7f00 0001  F..,..@.........
>          0x0010:  7f00 0001 0100 0000 0202 0283 8129 5dab  .............)].
>          0x0020:  5db7 f2f2 5010 ffff 7dce 0000            ]...P...}...
>
> The rule for this packet is not a "log" one, but the sign (short) is
> what I cannot understand.

Read 'man 1 tcpdump' about key "-s".
Your command must be like "tcpdump -s 1000 -n -e -ttt -x -i pflog0 host 127.0.0.1"
Change the value 1000 to an appropriate one.
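
One way to check whether a hex dump like the one quoted above was cut off by the snapshot length is to compare the number of bytes tcpdump printed with the IPv4 total-length field. This is an added example, not part of the original message; the function names are hypothetical, the sample rows are copied from the first quoted packet, and the dump is assumed to start at the IPv4 header.

```python
import re

# Sample input: hex rows of the first packet quoted in the message above
# (ASCII column kept to show that it is ignored by the parser).
DUMP = """\
        0x0000:  4600 002c 6605 4000 0306 11c5 7f00 0001  F..,f.@.........
        0x0010:  7f00 0001 0100 0000 0202 0283 8129 5dab  .............)].
        0x0020:  5db7 f2f2 5010 ffff 7dce 0000            ]...P...}...
"""

# Offset, then hex groups separated by single spaces; a double space ends them.
ROW = re.compile(
    r"^\s*0x[0-9a-fA-F]{4}:\s+((?:(?:[0-9a-fA-F]{4}|[0-9a-fA-F]{2}) ?)+)"
)


def hex_rows_to_bytes(text):
    """Rebuild the captured bytes from tcpdump hex rows."""
    data = bytearray()
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            data += bytes.fromhex(m.group(1))
    return bytes(data)


def check_capture(pkt):
    """Compare the captured length with the IPv4 total-length field."""
    if len(pkt) < 4 or pkt[0] >> 4 != 4:
        raise ValueError("need at least 4 bytes of an IPv4 header")
    total_len = int.from_bytes(pkt[2:4], "big")
    missing = max(0, total_len - len(pkt))
    return {
        "header_len": (pkt[0] & 0x0F) * 4,  # IHL is counted in 32-bit words
        "total_len": total_len,
        "captured": len(pkt),
        "missing": missing,
        "truncated": missing > 0,
    }


if __name__ == "__main__":
    pkt = hex_rows_to_bytes(DUMP)
    print(check_capture(pkt))
    print(check_capture(pkt[:40]))  # same packet as a smaller -s would leave it
```

A non-zero `missing` value means the capture ended before the packet did, and tcpdump should be rerun with a larger `-s` value.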