ed <[EMAIL PROTECTED]> wrote:
> That's good, thanks, I thought tcpdump was IP layer only, because of
> the name.
While tcpdump is not IP layer only, pf is. So you will not be able
to see ARP packets or ethernet addresses when reading pflog.
Can
> On Tue, 13 Sep 2005 14:38:09 +0300
> Huzeyfe Onal
That's good, thanks, I thought tcpdump was IP layer only, because of
the name.
On Tue, 13 Sep 2005 14:38:09 +0300
Huzeyfe Onal <[EMAIL PROTECTED]> wrote:
> try #tcpdump arp to see only arp packages.
> wants to get link-level header? Add -e option..
>
>
> 2005/9/12, ed <[EMAIL PROTECTED]>:
>
try #tcpdump arp to see only arp packages.
wants to get link-level header? Add -e option..
2005/9/12, ed <[EMAIL PROTECTED]>:
> On Mon, 12 Sep 2005 13:26:19 -0400
> "Will H. Backman" <[EMAIL PROTECTED]> wrote:
>
> > >
> > > This has most of the data that I need, but it seems to be missing
> >
On Mon, 12 Sep 2005 13:26:19 -0400
"Will H. Backman" <[EMAIL PROTECTED]> wrote:
> >
> > This has most of the data that I need, but it seems to be missing
> > one thing
> > that I think is important. How can I determine if the traffic is
> > TCP/UDP/ICMP etc?
> >
> If you have ack and window flag
On Mon, Sep 12, 2005 at 01:03:39PM -0400, stan wrote:
>
> I've captured a bit of data as pflog files. Then I've processed these files
> with:
>
> tcpdump -n -e -
>
> Which results in data records like this:
>
> 2005-09-08 20:26:40.328379 rule 5/0(match): pass out on fxp0: IP
> 170.85.113.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of stan
> Sent: Monday, September 12, 2005 1:04 PM
> To: OpenBSD general usage list
> Subject: A question about examining pf loging data
>
> I've set up a transparent bri
On 9/12/05, stan <[EMAIL PROTECTED]> wrote:
> I've set up a transparent bridge, with pf in "pass all log" mode to capture
> data to/from a particular subnet. I am gathering data about the traffic
> that passes through this gateway in order to prepare for installing a
> firewall.
Although I've enve
I've set up a transparent bridge, with pf in "pass all log" mode to capture
data to/from a particular subnet. I am gathering data about the traffic
that passes through this gateway in order to prepare for installing a
firewall.
I've captured a bit of data as pflog files. Then I've processed these