From: BigBrother
To: questions@FreeBSD.ORG
Date: Tue, 15 Oct 2002 23:04:52 +0300 (EEST)
Subject: Re: monitor ALL connections to ALL ports
Message-ID: <20021015230205.D212-100000@bigb3server.bbcluster.gr>

It sounds to me that you are looking for a Network Intrusion system.

1) try: /usr/ports/security/snort
   It has plenty of rules that can help you log whatever u like.

2) Also another possibility is to use tcpdump host -w which will log all the packets heading for your IP in raw form in the logfile. TCPdump has many switches. The format of the logfile is in libpcap format and there are plenty of parsers of this file [including tcpdump, ethereal, snort].

IMO, try to log ALL connections to ALL ports ONLY if ur box is faster than a PIII, 500Mhz, 256 RAM.
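As an added example (not part of the original post or of tcpdump/snort), the following Python script shows what the libpcap file written by tcpdump -w actually contains and how a defender would turn it into a per-port summary of connection attempts: it walks the global header and the per-packet records, decodes the Ethernet/IPv4/TCP headers of each frame, and counts TCP SYNs (without ACK) per destination address and port. The capture it reads is constructed inline with the same helper, so it runs offline; it assumes an Ethernet link type, ignores checksums, and stops cleanly on a truncated last record (what you get when tcpdump is killed mid-write).

```python
import struct
from collections import Counter

# libpcap global header constants (standard format written by tcpdump -w)
PCAP_MAGIC = 0xA1B2C3D4
PCAP_MAGIC_SWAPPED = 0xD4C3B2A1
LINKTYPE_ETHERNET = 1


def build_pcap(packets):
    """Serialize (seconds, microseconds, frame) tuples into a libpcap file image.

    Used here only to construct a sample capture; tcpdump writes the same layout.
    """
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    out = [header]
    for sec, usec, frame in packets:
        # per-record header: ts_sec, ts_usec, captured length, original length
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def tcp_frame(src_ip, dst_ip, sport, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame (checksums left zero; fine for parsing)."""
    eth = b"\x00" * 6 + b"\x00" * 6 + b"\x08\x00"          # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + tcp


def read_pcap(data):
    """Yield (seconds, microseconds, frame) from a libpcap byte image, either byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == PCAP_MAGIC_SWAPPED:
        end = ">"
    else:
        raise ValueError("not a libpcap file (bad magic)")
    _, _, _, _, _, _snaplen, linktype = struct.unpack(end + "IHHiIII", data[:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("example only decodes Ethernet captures (linktype %d)" % linktype)
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, _origlen = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + caplen]
        if len(frame) < caplen:
            break  # truncated final record: stop instead of yielding garbage
        off += caplen
        yield sec, usec, frame


def tcp_syn_summary(data):
    """Count TCP SYN (not SYN/ACK) packets per (dst_ip, dst_port): new connection attempts."""
    counts = Counter()
    for _sec, _usec, frame in read_pcap(data):
        if len(frame) < 14 or frame[12:14] != b"\x08\x00":
            continue                                   # not IPv4
        ihl = (frame[14] & 0x0F) * 4                   # IPv4 header length in bytes
        if frame[14 + 9] != 6 or len(frame) < 14 + ihl + 20:
            continue                                   # not TCP, or too short
        dst_ip = ".".join(str(b) for b in frame[14 + 16:14 + 20])
        tcp = frame[14 + ihl:]
        _sport, dport = struct.unpack("!HH", tcp[:4])
        flags = tcp[13]
        if flags & 0x02 and not flags & 0x10:          # SYN set, ACK clear
            counts[(dst_ip, dport)] += 1
    return counts


# Constructed sample capture: one SSH handshake pair and two separate HTTP attempts,
# plus a data segment that must not be counted as a new connection.
SAMPLE_PCAP = build_pcap([
    (1034713492, 0,    tcp_frame("10.0.0.5", "192.0.2.10", 40000, 22, 0x02)),   # SYN
    (1034713492, 1500, tcp_frame("192.0.2.10", "10.0.0.5", 22, 40000, 0x12)),   # SYN/ACK
    (1034713493, 0,    tcp_frame("10.0.0.6", "192.0.2.10", 40001, 80, 0x02)),   # SYN
    (1034713494, 0,    tcp_frame("10.0.0.6", "192.0.2.10", 40002, 80, 0x02)),   # SYN
    (1034713495, 0,    tcp_frame("10.0.0.6", "192.0.2.10", 40002, 80, 0x18)),   # PSH/ACK
])

if __name__ == "__main__":
    for (ip, port), n in sorted(tcp_syn_summary(SAMPLE_PCAP).items()):
        print("%s:%d  %d connection attempt(s)" % (ip, port, n))
```

To run it against a real file, replace SAMPLE_PCAP with open("capture.pcap", "rb").read(); the SYN-without-ACK filter is what separates inbound connection attempts from the replies and data segments the same capture will also contain.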