BSD - PF (Packet Filter) Firewall - Log Packets
sudo tcpdump -i pflog0 -o -ttt -vv -e -n
returns:
Jan 16 12:13:14.001086 rule 3/0(match): block in on tun0: 1.2.3.4.1111 > 5.6.7.8.www: S [tcp sum ok] (src OS: Windows XP SP1, Windows 2000 SP2+) 3428743985:3428743985(0) win 16384 <mss 1440,nop,nop,sackOK> (DF) (ttl 119, id 4352) ....
NOTE: tcpdump can print the contents of packets in real time.
sudo tcpdump -r /var/log/pflog -o -ttt -vv -e -n dst port 80
returns:
Jan 16 12:13:14.001086 rule 3/0(match): block in on tun0: 1.2.3.4.1111 > 5.6.7.8.www: S [tcp sum ok] (src OS: Windows XP SP1, Windows 2000 SP2+) 3428743985:3428743985(0) win 16384 <mss 1440,nop,nop,sackOK> (DF) (ttl 119, id 4352) ....
NOTE: This limits the results to connections with a destination port of 80.
tcpdump filter expressions can also select packets by IP address, hostname, Ethernet address, TCP flags, and so on, so the same approach works for narrowing the log to one host or one rule's matches.
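Both commands above print pflog records in the same one-line text layout, and tallying those lines is usually the first thing an administrator wants once logging is on. The script below is an added example, not part of this wiki page: a POSIX shell/awk parser that counts records by action, direction, interface, rule, source address and destination port, run here over constructed sample lines in the page's format rather than a real pflog0 capture.

```shell
#!/bin/sh
# Tally pflog records printed by "tcpdump -n -e -ttt -vv -i pflog0" (or -r /var/log/pflog).
# Added example; the sample lines are constructed in the page's layout, not real traffic.

SAMPLE_PFLOG='Jan 16 12:13:14.001086 rule 3/0(match): block in on tun0: 1.2.3.4.1111 > 5.6.7.8.www: S [tcp sum ok] 3428743985:3428743985(0) win 16384 <mss 1440,nop,nop,sackOK> (DF) (ttl 119, id 4352)
Jan 16 12:13:15.002000 rule 3/0(match): block in on tun0: 1.2.3.4.1112 > 5.6.7.8.www: S [tcp sum ok] 3428743986:3428743986(0) win 16384 <mss 1440,nop,nop,sackOK> (DF) (ttl 119, id 4353)
Jan 16 12:13:16.003000 rule 5/0(match): pass out on tun0: 5.6.7.8.40001 > 9.9.9.9.domain: [udp sum ok] 12345+ A? example.com. (29) (ttl 64, id 1)
Jan 16 12:13:17.004000 rule 3/0(match): block in on tun0: 2.2.2.2.5555 > 5.6.7.8.ssh: S [tcp sum ok] 1:1(0) win 1024 (ttl 50, id 7)'

# pflog_tally: reads pflog lines on stdin and prints one line per
# "action direction interface rule source -> port" key followed by its count.
# Field positions follow the layout shown on the page:
#   $4="rule" $5="3/0(match):" $6=action $7=direction $9="if:" $10=src.port $12=dst.port:
pflog_tally() {
    awk '
    $4 == "rule" {
        rule = $5;  sub(/\(match\):$/, "", rule)     # "3/0(match):" -> "3/0"
        ifc = $9;   sub(/:$/, "", ifc)               # "tun0:" -> "tun0"
        src = $10;  sub(/\.[^.]+$/, "", src)         # drop the trailing source port
        dst = $12;  sub(/:$/, "", dst)
        dport = dst; sub(/.*\./, "", dport)          # last dotted component is the port/service
        key = $6 " " $7 " " ifc " rule " rule " " src " -> port " dport
        count[key]++
    }
    END { for (k in count) print k, count[k] }
    ' | sort
}

# blocked_inbound_sources: unique source addresses that matched an inbound block rule.
blocked_inbound_sources() {
    awk '$4 == "rule" && $6 == "block" && $7 == "in" { s = $10; sub(/\.[^.]+$/, "", s); print s }' | sort -u
}

printf '%s\n' "$SAMPLE_PFLOG" | pflog_tally
```

Pipe a live capture into the same functions with `sudo tcpdump -n -e -ttt -i pflog0 -l | pflog_tally` (`-l` line-buffers tcpdump's output so awk sees each record as it is logged).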
bsd/pf_packet_filter_firewall/log_packets.txt · Last modified: 2021/02/02 14:32 by peter