From: dawnshade
To: freebsd-stable@freebsd.org, anton@nikiforov.ru
Date: Wed, 26 Oct 2005 12:20:31 +0400
Subject: Re: pf and short packets

On Wednesday 26 October 2005 12:08, Anton Nikiforov wrote:
> On Tuesday 25 October 2005 23:21, Anton Nikiforov wrote:
> >> tcpdump -n -e -ttt -x -i pflog0 host 127.0.0.1
> >> 000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535
> >>         0x0000:  4600 002c 6605 4000 0306 11c5 7f00 0001  F..,f.@.........
> >>         0x0010:  7f00 0001 0100 0000 0202 0283 8129 5dab  .............)].
> >>         0x0020:  5db7 f2f2 5010 ffff 7dce 0000            ]...P...}...
> >> 000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535
> >>         0x0000:  4600 002c d21d 4000 0306 a5ac 7f00 0001  F..,..@.........
> >>         0x0010:  7f00 0001 0100 0000 0202 0283 8129 5dab  .............)].
> >>         0x0020:  5db7 f2f2 5010 ffff 7dce 0000            ]...P...}...
> >>
> >> The rule for this packet is not a "log" one, but the sign (short) is
> >> what I cannot understand.
> >
> > Read 'man 1 tcpdump' about key "-s".
> > Your command must be like "tcpdump -s 1000 -n -e -ttt -x -i pflog0 host
> > 127.0.0.1"
> >
> > Change value 1000 to appropriate.
>
> Hi, and thanks for the reply,
> but my question is not about how to use tcpdump (I know the -s key), but
> what to do with pf to make these packets pass through.
> When my pf is up I cannot rsh to ipcad, but when it is down, everything
> is working just fine.
> I need this rsh to get my IP statistics.

Sorry, I misunderstood you.
Can you provide the output of 'pfctl -sr -g' (at least the sensitive rules
before number 34)?
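
As an added example (not part of the original messages): a small Python decoder for the first hex dump quoted above. It checks whether the capture is shorter than the IP total length, which is the case the -s suggestion addresses, and reports the IPv4 header length and any option bytes. The function names are illustrative; the dump lines are copied from the quoted tcpdump output.

```python
import re
import struct

# Hex dump of the first logged packet, copied from the quoted tcpdump output.
DUMP = """\
0x0000:  4600 002c 6605 4000 0306 11c5 7f00 0001  F..,f.@.........
0x0010:  7f00 0001 0100 0000 0202 0283 8129 5dab  .............)].
0x0020:  5db7 f2f2 5010 ffff 7dce 0000            ]...P...}...
"""

def dump_to_bytes(text):
    """Collect the hex column of `tcpdump -x` lines, skipping offset and ASCII."""
    out = bytearray()
    for line in text.splitlines():
        # Hex groups are separated by one space; the ASCII column follows
        # after at least two spaces, which ends the match.
        m = re.match(r"\s*0x[0-9a-f]{4}:\s+((?:[0-9a-f]{2,4} ?)+)", line, re.I)
        if m:
            out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)

def parse_ipv4(pkt):
    """Decode the fixed IPv4 header, any IP options, and the TCP ports."""
    if len(pkt) < 20:
        raise ValueError("capture shorter than a minimal IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto = struct.unpack(
        "!BBHHHBB", pkt[:10])
    hdr_len = (ver_ihl & 0x0F) * 4          # IHL is counted in 32-bit words
    info = {
        "version": ver_ihl >> 4,
        "header_len": hdr_len,
        "options": pkt[20:hdr_len],          # empty when IHL == 5
        "total_len": total_len,
        "captured": len(pkt),
        "truncated": len(pkt) < total_len,   # True when the snaplen cut the packet
        "ttl": ttl,
        "proto": proto,
    }
    if proto == 6 and len(pkt) >= hdr_len + 4:   # TCP: ports follow the IP header
        info["sport"], info["dport"] = struct.unpack(
            "!HH", pkt[hdr_len:hdr_len + 4])
    return info

if __name__ == "__main__":
    for key, value in parse_ipv4(dump_to_bytes(DUMP)).items():
        print(f"{key:>10}: {value.hex() if isinstance(value, bytes) else value}")
```

For this packet the decoder reports 44 captured bytes against an IP total length of 44, a 24-byte IP header carrying 4 option bytes, and TCP ports 514 and 643.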