Date: Tue, 20 Apr 2010 08:26:37 -0300
From: marcus <marcus.dicotomia@archlinux.com.br>
To: freebsd-questions@freebsd.org
Subject: Re: about tcpdump
Message-ID: <201004200826.37826.marcus.dicotomia@archlinux.com.br>
In-Reply-To: <20100415201645.2ef97db4@TheHughesLogcabin.net>
References: <D93D58B75554414780C5B91D58293BED@desktop2002> <20100415201645.2ef97db4@TheHughesLogcabin.net>

On Thursday 15 April 2010 22:16:45 Michael Hughes wrote:
> On Thu, 15 Apr 2010 23:37:09 +0300
>
> Yavuz Maşlak <yavuz.maslak@netiletisim.net> wrote:
> > I have a network. I wish to log all incoming and outgoing traffic
> > using tcpdump on my gateway server. But I don't want to log this
> > traffic's data because it takes up a lot of disk space.
> > I only want to log which ports were used, which ip addresses were
> > reached. How can I do this using tcpdump?
> > Could you give me an example or docs?
> > I use freebsd7.2
>
> Have you thought about using ARGUS (Audit Record Generation and
> Utilization System)?

tcpdump syntax for a specific host:

# tcpdump -i rl0 -n host 10.10.0.1

rl0 = interface
10.10.0.1 = your host

tcpdump syntax for a specific port:

# tcpdump -i rl0 -n port 22

22 = your port

However, your question is more about filtering data using shell scripts than
tcpdump syntax. If you haven't mastered it, tools such as ARGUS are a good choice.
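
The shell-side filtering mentioned in the reply above, as an added example that is not part of the original message: it reduces tcpdump's text output to protocol, addresses and ports only, so no payload is stored. The function names, the sample lines (constructed) and the assumed "tcpdump -n -q" line format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Assumed input: text output of "tcpdump -n -q", one packet per line:
#   HH:MM:SS.usec IP SRC.SPORT > DST.DPORT: tcp LEN
#   HH:MM:SS.usec IP SRC.SPORT > DST.DPORT: UDP, length LEN
#   HH:MM:SS.usec IP SRC > DST: ICMP ...
# Live use (log path is a placeholder):
#   tcpdump -i rl0 -n -q -l | flow_fields >> /path/to/flows.log

# flow_fields: stdin = tcpdump lines, stdout = "proto src sport dst dport"
flow_fields() {
    awk '
    # Index of the last dot in s, which separates address from port.
    function lastdot(s,    i) {
        i = length(s)
        while (i > 0 && substr(s, i, 1) != ".") i--
        return i
    }
    ($2 == "IP" || $2 == "IP6") && $4 == ">" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        proto = tolower($6); sub(/,$/, "", proto)
        if (proto == "tcp" || proto == "udp") {
            p = lastdot(src); q = lastdot(dst)
            print proto, substr(src, 1, p - 1), substr(src, p + 1), \
                  substr(dst, 1, q - 1), substr(dst, q + 1)
        } else {
            # Protocols without ports (ICMP etc.): keep addresses only.
            print proto, src, "-", dst, "-"
        }
    }'
}

# flow_summary: one line per distinct flow, packet count in the last column
flow_summary() {
    flow_fields | sort | uniq -c | awk '{ print $2, $3, $4, $5, $6, $1 }'
}

# Constructed sample input (documentation addresses), so this runs offline.
sample_lines() {
    cat <<'EOF'
08:26:37.100001 IP 10.10.0.1.51234 > 192.0.2.10.22: tcp 0
08:26:37.100950 IP 192.0.2.10.22 > 10.10.0.1.51234: tcp 0
08:26:37.200300 IP 10.10.0.1.51234 > 192.0.2.10.22: tcp 36
08:26:38.000120 IP 10.10.0.7.40000 > 198.51.100.53.53: UDP, length 40
08:26:38.500000 IP 10.10.0.7 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
08:26:39.000000 IP6 2001:db8::1.51000 > 2001:db8::2.443: tcp 0
08:26:39.100000 ARP, Request who-has 10.10.0.1 tell 10.10.0.254, length 28
EOF
}

sample_lines | flow_summary
```

Non-IP lines such as ARP are dropped, and the address/port split at the last dot also covers IPv6 addresses as tcpdump prints them.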