From owner-freebsd-isp  Sat Sep 21 00:19:57 1996
Return-Path: owner-isp
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id AAA21030
          for isp-outgoing; Sat, 21 Sep 1996 00:19:57 -0700 (PDT)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id AAA20988
          for <freebsd-isp@freebsd.org>; Sat, 21 Sep 1996 00:19:53 -0700 (PDT)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.6/8.7.3) id RAA10897; Sat, 21 Sep 1996 17:19:35 +1000 (EST)
Date: Sat, 21 Sep 1996 17:19:34 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Richard Gresek <rg@plusnet.de>
cc: freebsd-isp@freebsd.org
Subject: Re: IP-Header Log
In-Reply-To: <199609201208.MAA01399@gds.de>
Message-ID: <Pine.BSF.3.91.960921171812.3641e-100000@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk



On Fri, 20 Sep 1996, Richard Gresek wrote:

> Is it possible to log the IP-headers taht are going through one interface?
> (Need to see the source- and the destination ip-address + the port)
> 
> We are running several FreeBSD-servers for our customers as 
> ISDN-Routers (with bisdn). The routers setup the ISDN-line once per 
> hour, even during the night.
> 
> I d like to find which workstation on which port is sending the 
> packets that cause the dialout.

Use ipfw (options IPFIREWALL) or Berkeley Packet Filter and tcpdump
(pseudo-device bpf 4)

Danny