From: "Stephan F. Yaraghchi"
Sender: yaraghchi@gmail.com
To: "Jeremy Chadwick"
Cc: freebsd-pf@freebsd.org
Date: Mon, 17 Mar 2008 16:07:23 +0100
Subject: Re: watching the log in real time
Message-ID: <25f52a3d0803170807s12de21b2n739c255f74459e11@mail.gmail.com>
In-Reply-To: <20080317145040.GA48737@eos.sc1.parodius.com>

Thank you, too!

On Mon, Mar 17, 2008 at 3:50 PM, Jeremy Chadwick wrote:
> On Mon, Mar 17, 2008 at 02:50:18PM +0100, Stephan F. Yaraghchi wrote:
> > When I issue 'tcpdump -netttt -i pflog0' to watch the log in real time
> > I'm getting pretty brief output like:
> >
> > 2008-03-16 11:46:45.527125 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:45.590116 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:45.652107 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:45.715098 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:45.777087 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:47.249281 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:50.011245 rule 0/0(match): block in on fxp1: [|ip]
> > 2008-03-16 11:46:52.761126 rule 0/0(match): block in on fxp1: [|ip]
>
> Choose a larger snaplen size for tcpdump to use, e.g. tcpdump -s 1024.
> Don't pick something absurdly large.
>
> There is a discussion as to whether or not tcpdump on FreeBSD should
> default to using a larger snaplen size (128 would be good).
>
> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |

-- 
Mit freundlichen Grüßen / with kind regards

+++ stephan f. yaraghchi +++ lychener str. 61a +++ 10437 berlin, germany +++
+++ mail stephan@yaraghchi.org +++ phone +49 30 44650068 +++ cell +49 172 3111534
www.deine-stimme-gegen-armut.de