> Is it possible to log the OS of a passed/blocked packet, instead
> of just using the OS for filtering? I am trying to do an analysis
> of what OSes are typically used for, say, spamming.

tcpdump -netttor /var/log/pflog 'tcp[13] == 2 and port 25'

.mike
