From owner-freebsd-questions@freebsd.org Sat Aug 25 20:54:56 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BCE5510962CE for ; Sat, 25 Aug 2018 20:54:56 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from mail-qt0-x231.google.com (mail-qt0-x231.google.com [IPv6:2607:f8b0:400d:c0d::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BBDB81FD2 for ; Sat, 25 Aug 2018 20:54:56 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: by mail-qt0-x231.google.com with SMTP id h4-v6so13978297qtj.7 for ; Sat, 25 Aug 2018 13:54:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tenebras-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=IAC9r61Djbn/u/c96g2S5Q3TFYL3+BQNVspIbxkcPv4=; b=UQVRB4nKuAF8LDMeq/HQzHEISjpGoWmp8Ka+9vLkEGKD4wDbun97U07eMnarysnY7h hilvr9RANMQGTOcYK4n5PDfH6J7eHvFKqOzWsYCrlThZ1Jwl0ccI5Cs0RJXOY9edCkAe YzEs0ySXERZ3t8JTcY6YTE9y4mfgbG0R9ZrOo5c4asaUGtp/YwLR3E/zRTXlF8uki2xp zkCB8P1Fv33H5u4DOJSe/+l2Ko4yUEf51c208TSdK1j8FlCM/g/CYgIaUCtR4JnHJrR1 Dxyh+uOUUd8u9doAO0AGvuNJ+i3u9oTYkbOPWGwsu+FwylqRTuMa92b92nGma3pEGqwp f3kQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=IAC9r61Djbn/u/c96g2S5Q3TFYL3+BQNVspIbxkcPv4=; b=KHYvcnWGGQdqAKolIOb5eGuiUhZ/CQj0gTST1Rk2hv4C4dmgkRkWJRCylXeMM9VgI2 fWPVL1niF0Ww4K3VQ7wWDfUAXh0qZDNAABgqgCR+rM5HuikVrNcUrXeknQNC7XHtDdgp /TkSjGRYsrccqmBNscslAHiOAb4v4XEOKRQcWzLvFoJnLl/j7rhjW7d+LGxVO0esipQo WvhNjFc/EdMIrbNMAEEaYOTB4hoTETqZwmTIHtr2WyRIs5tFL9H8Kp6e084bxcQ8H47q Cxcbq6GHHzdC0nI+UwU+ttQkA+uEH+IHyj+TCQDVTjkgS2s7z5uAQIMNpVyuSKhxZSDL RVZg== X-Gm-Message-State: APzg51Dw7W6km/pGvKtdlIMlhXkrTl5giC0hHAiOLdg24GWd4QxPLLXB uNezDLuHI5la0ZwTUGxVIydZ6GKP/n28O8tEzTvG0J2C3VU= X-Google-Smtp-Source: ANB0Vda5ZPbp1knRk+Tmh2PJOLIdGEj9abgCneIpxb3GkMWbqhdgifXewD/WXOzrGD2iwCEZI49Ss3Fwf7oGU0Xjw7U= X-Received: by 2002:ac8:1804:: with SMTP id q4-v6mr7585501qtj.223.1535230495143; Sat, 25 Aug 2018 13:54:55 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Michael Sierchio Date: Sat, 25 Aug 2018 13:54:44 -0700 Message-ID: Subject: Re: finding the port for "kernel: Limiting open port RST response from x to y packets/sec" To: FreeBSD Questions Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.27 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Aug 2018 20:54:57 -0000 On Sat, Aug 25, 2018 at 11:34 AM nusenu wrote: > > kernel: Limiting open port RST response from xxxx to yyy packets/sec > Is there a way to find out which specific TCP port is getting hammered > or any other additional debug information related to these log entries? > (the server has multiple open and publicly reachable open TCP ports) > You can identify and log these packets in IPFIREWALL (man ipfw). You can also set sysctl net.inet.tcp.log_debug=3D1 --=20 "Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, but an intelligent person requires only two thousand five hundred." - The Mah=C4=81bh=C4=81rata