I am open to using tcpdump, though I would have a few questions about it. Would it have more overhead, adding tcpdump on top of ipfilter? Can tcpdump run as a daemon without needing a watchdog? Is log rotation easy?

Ben

On Thu, May 11, 2006 at 09:46:57AM +0200, Michael Grant wrote:
> What about using tcpdump?
>
> On 5/11/06, Ben Collver <[EMAIL PROTECTED]> wrote:
> >I am using stateful filtering on NetBSD/3.0.
> >
> >I would like to log the header of every packet that:
> >goes out interface X, from network A, to anywhere except network B
> >goes in interface X, from anywhere except network B, to network A
> >
> >I tried to write rules to do this, but they only log the first packet
> >before state is established.
> >
> >Are ipfilter/ipmon the right tools for the job? How can I log all
> >packets?
> >
> >Thank you,
> >
> >Ben
