Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 1 Feb 2001 07:04:54 +0100
From:      Fenix <fenix@xs4some.net>
To:        Sam Wun <swun@esec.com.au>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: packets in ipmon
Message-ID:  <01020107045404.00362@xs4some.net>
In-Reply-To: <3A78FB23.3C441BDB@esec.com.au>
References:  <00c901c08a66$5f1ce3c0$0101a8c0@pavilion> <01020100222100.11584@xs4some.net> <3A78FB23.3C441BDB@esec.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help 
I don't know if ipmon nativly supports what you need but if you run ipmon as 
a daemon and let it log to a log file then you can just 
"tail -f /var/log/ipf.log | grep ip_you_want_to_see" , or something like that
you can enable ipmon from rc.conf  ipmon_enable="yes", ipmon_flags="-D 
/var/log/ipf.log"
also chek /etc/defaults/rc.conf for possible ipf ipnat options and ipmon man 
page
On Thursday 01 February 2001 06:58, you wrote:
> Is it always a single packet in the ipmon blocked msg? If I want to know a
> how many packets  has been blocked to a destination ip address, I will need
> to add up all the blocked msg to this destination ip address. the ipstat
> only shows the total packets (for all addresses) that has been blocked by
> ipmon
>
> Thanks Sam
>
> Fenix wrote:
> > The line you include in your mail just shows a single packet that has
> > been blocked
> > use ipfstat to see details about blocket packets etcetra
> > tpi: instll ports/misc/display  and use it like #display -1 ipfstat
> >
> > Greets Fenix
> >
> > On Wednesday 31 January 2001 23:28, you wrote:
> > > Hi,
> > >
> > > I am wondering which part of the output from ipmon message indicate
> > > number of packets has been blocked? for example:
> > >
> > > Feb  1 09:25:14 swun ipmon[55]: 09:25:14.540972 dc0 @0:18 b
> > > 203.21.85.29,631 -> 203.21.85.255,631 PR udp len 20 34816  IN
> > >
> > > Thanks
> > > Sam

-- 

If you have to hate, hate gently ....


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01020107045404.00362>