Date: Tue, 20 Mar 2007 08:40:00 -0500
From: Eric <heli@mikestammer.com>
To: Volker <volker@vwsoft.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: pf logging differences
Message-ID: <45FFE430.7000206@mikestammer.com>
In-Reply-To: <45FFD0C7.6030600@vwsoft.com>
References: <45FE919B.7040208@mikestammer.com> <45FFD0C7.6030600@vwsoft.com>

Volker wrote:
> On 12/23/-58 20:59, Eric wrote:
>> in this case, pf logging looks like this:
>>
>>
>> Why is the first host producing more detailed logs? Why isn't pf showing
>> the port that was blocked or anything else like it does in the first
>> host? Is there a way to make the ng0 interface log more or is this due
>> to the netgraph hooks into pf?
>
> ICMP packets do NOT have any port numbers. The example you've shown
> had 3 ICMP packets being blocked.
>
> On the other side, I'm always using `tcpdump -nettttvvi ...' (the
> -vv parameters give more output but might annoy you for SMB /
> NetBIOS traffic).
>
>
> HTH,
>
> Volker

It does. I picked some bad examples there. The issue was not having IPv6
on the second machine and as such it was using a smaller value for the
capture size (64 vs 96 I believe). Using -s 100 fixed it and things look
as expected.

Eric
