From owner-freebsd-questions Fri Nov 17 17:31:43 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from grumpy.dyndns.org (cm-24-246-28-166.toney.mediacom.ispchannel.com [24.246.28.166])
    by hub.freebsd.org (Postfix) with ESMTP id 302A137B479
    for ; Fri, 17 Nov 2000 17:31:40 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
    by grumpy.dyndns.org (8.11.1/8.11.1) with ESMTP id eAI1VcS83713
    for ; Fri, 17 Nov 2000 19:31:39 -0600 (CST)
    (envelope-from dkelly@grumpy.dyndns.org)
Message-Id: <200011180131.eAI1VcS83713@grumpy.dyndns.org>
X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4
To: freebsd-questions@FreeBSD.ORG
From: David Kelly
Subject: Re: tcpdump and firewall on Pipeline
In-reply-to: Message from David Kelly of "Thu, 16 Nov 2000 17:07:06 CST."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 17 Nov 2000 19:31:38 -0600
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

David Kelly writes (replying to myself because no one else did):
>
> The tcpdump(1) manpage says:
>
> To print traffic neither sourced from nor destined for
> local hosts (if you gateway to one other net, this stuff
> should never make it onto your local net).
> tcpdump ip and not net localnet
> So I'm running "tcpdump ip and not net 10.0.0.0/24" which missed the
> above event captured by the Pipeline.

What I have since learned is that everything is working and tcpdump did capture said event. Wasn't until I killed it that its output was flushed to the log file. Now I know to add "-l" to force line buffering so I can see the event when it happens.

As for the firewall logs on the Pipeline, the events are still happening with foreign addresses on source and destination, and tcpdump is not seeing them on my office ethernet. I will worry a bit less.

--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
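
The buffering effect described in the message above, reproduced as an added example (not part of the original post and not tcpdump's code): a constructed stand-in for a capture tool writes one event to a log file, and the log is measured while the tool is still running and again after it exits. The child script, the sample event line and the name log_sizes are assumptions made for this illustration.

```python
import os
import subprocess
import sys
import tempfile

# Constructed stand-in for a capture tool: prints one event line to stdout,
# reports on stderr that the event happened, then keeps running until its
# stdin is closed (the analogue of tcpdump running until it is stopped).
CHILD = r"""
import sys
if sys.argv[1] == "line":
    sys.stdout.reconfigure(line_buffering=True)   # what "-l" asks for
print("10:00:00 IP 192.0.2.7 > 198.51.100.9: constructed event")
sys.stderr.write("event-seen\n"); sys.stderr.flush()
sys.stdin.read()          # block until the parent lets us exit
"""

def log_sizes(mode):
    """Return (bytes in the log while the tool runs, bytes after it exits)."""
    # Drop PYTHONUNBUFFERED so the child uses its default block buffering.
    env = {k: v for k, v in os.environ.items() if k != "PYTHONUNBUFFERED"}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "capture.log")
        with open(path, "wb") as log:
            proc = subprocess.Popen(
                [sys.executable, "-c", CHILD, mode], env=env,
                stdin=subprocess.PIPE, stdout=log, stderr=subprocess.PIPE)
            proc.stderr.readline()             # the event has been printed
            running = os.path.getsize(path)    # what "tail -f" would see now
            proc.stdin.close()                 # let the tool exit normally
            proc.wait()
            proc.stderr.close()
        return running, os.path.getsize(path)

if __name__ == "__main__":
    for mode in ("block", "line"):
        running, final = log_sizes(mode)
        print(f"{mode:5s} buffering: {running} bytes while running, "
              f"{final} bytes after exit")
```

With block buffering the log stays empty until the process exits, which is why the event only appeared once tcpdump was killed; with line buffering the event is in the log as soon as it is printed.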