Date: Wed, 26 Oct 2005 12:20:31 +0400 From: dawnshade <dawnshade@mail.ru> To: freebsd-stable@freebsd.org, anton@nikiforov.ru Subject: Re: pf and short packets Message-ID: <200510261220.32300.dawnshade@mail.ru> In-Reply-To: <435F3994.9020801@nikiforov.ru> References: <435E85AB.3070701@nikiforov.ru> <200510261053.27853.dawnshade@mail.ru> <435F3994.9020801@nikiforov.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 26 October 2005 12:08, Anton Nikiforov wrote: > On Tuesday 25 October 2005 23:21, Anton Nikiforov wrote: > >> tcpdump -n -e -ttt -x -i pflog0 host 127.0.0.1 > >>000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > > >>127.0.0.1.643: . ack 30 win 65535 > >> =9A =9A =9A =9A 0x0000: =9A4600 002c 6605 4000 0306 11c5 7f00 0001 > >> =9AF..,f.@......... 0x0010: =9A7f00 0001 0100 0000 0202 0283 8129 5dab > >> =9A.............)]. 0x0020: =9A5db7 f2f2 5010 ffff 7dce 0000 =9A =9A = =9A =9A =9A > >> =9A]...P...}... 000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.= 514 > >> > > >>127.0.0.1.643: . ack 30 win 65535 > >> =9A =9A =9A =9A 0x0000: =9A4600 002c d21d 4000 0306 a5ac 7f00 0001 > >> =9AF..,..@......... 0x0010: =9A7f00 0001 0100 0000 0202 0283 8129 5dab > >> =9A.............)]. 0x0020: =9A5db7 f2f2 5010 ffff 7dce 0000 =9A =9A = =9A =9A =9A > >> =9A]...P...}... > >> > >>The rule for this packet is not a "log" one, but the sign (short) is > >>what i cannot understand. > > > > Read 'man 1 tcpdump' about key "-s". > > You command must be like "tcpdump -s 1000 -n -e -ttt -x -i pflog0 host > > 127.0.0.1" > > > > Change value 1000 to appropriate. > > Hi, and thanks for the replay, > but my question is not about how to use tcpdump (i know -s key), but > what to do with pf to make this packets pass through. > When my pf is up i cannot rsh to ipcad, but when it is down - everything > is working just fine. > I need this rsh to get my ip statistics. sorry, i misunderstand you. can you provide output 'pfctl -sr -g' (at leat sensitive rules before numbe= r=20 34)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510261220.32300.dawnshade>