From owner-freebsd-security Mon Jun 11 13:16: 4 2001 Delivered-To: freebsd-security@freebsd.org Received: from mta5.rcsntx.swbell.net (mta5.rcsntx.swbell.net [151.164.30.29]) by hub.freebsd.org (Postfix) with ESMTP id C8B5937B403 for ; Mon, 11 Jun 2001 13:15:59 -0700 (PDT) (envelope-from ryanpek@swbell.net) Received: from mhx800 ([64.219.216.69]) by mta5.rcsntx.swbell.net (Sun Internet Mail Server sims.3.5.2000.03.23.18.03.p10) with SMTP id <0GES001AL81E7G@mta5.rcsntx.swbell.net> for freebsd-security@freebsd.org; Mon, 11 Jun 2001 15:10:26 -0500 (CDT) Date: Mon, 11 Jun 2001 15:10:33 -0500 From: Ryan Subject: Re: IPFILTER byte/packet counting To: freebsd-security@freebsd.org Message-id: <000401c0f2b2$930e1cd0$01000001@mhx800> MIME-version: 1.0 X-Mailer: Microsoft Outlook Express 5.50.4522.1200 Content-type: text/plain; charset="iso-8859-1" Content-transfer-encoding: 7bit X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 References: <3B24F469.13D59538@centtech.com> <000401c0f2b0$0331dfe0$01000001@mhx800> X-Priority: 3 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Along with ipf you can use ipfmon which shows the following packet > infomation ipfmon = ipfstat my bad... ipfmon will let you watch all the packets being blocked Ryan ----- Original Message ----- From: "Ryan" To: Sent: Monday, June 11, 2001 2:52 PM Subject: Re: IPFILTER byte/packet counting > http://www.obfuscation.org/ipf/ > > this is the only link that i have > Along with ipf you can use ipfmon which shows the following packet > infomation > [root@rolln /home/mhx$] ipfstat > input packets: blocked 461 passed 46857 nomatch 0 counted 0 short 0 > output packets: blocked 0 passed 47234 nomatch 0 counted 0 short 0 > input packets logged: blocked 461 passed 0 > output packets logged: blocked 0 passed 0 > packets logged: input 0 output 0 > log failures: input 17 output 0 > fragment state(in): kept 0 lost 0 > fragment state(out): kept 0 lost 0 > packet state(in): kept 257 lost 0 > packet state(out): kept 256 lost 0 > ICMP replies: 454 TCP RSTs sent: 6 > Invalid source(in): 0 > Result cache hits(in): 332 (out): 4 > IN Pullups succeeded: 0 failed: 0 > OUT Pullups succeeded: 0 failed: 0 > Fastroute successes: 460 failures: 0 > TCP cksum fails(in): 0 (out): 0 > Packet log flags set: (0) > > i hope that helps > > > none > ----- Original Message ----- > From: "Eric Anderson" > To: > Sent: Monday, June 11, 2001 11:40 AM > Subject: IPFILTER byte/packet counting > > > > Using IPFILTER with a bridge, can ipf count packets and bytes going > > to/from an ip? I see things like dummynet (which only works with > > ipfw?). Does anyone have a good url of a howto or information on this? > > I basically need to see usage (in bytes really) to/from certain ip's > > behind my ipf/bridging firewall. > > > > Eric > > > > > > -- > > -------------------------------------------------------------------------- > ----- > > Eric Anderson anderson@centtech.com Centaur Technology (512) > > 418-5792 > > For every complex problem, there is a solution that is simple, neat, and > > wrong. > > -------------------------------------------------------------------------- > ----- > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message