On Mon, 6 Feb 2012 12:27:08 +0000
Mark Lumsden <m...@cyodesigns.com> wrote:

> On 06 February 2012 at 10:53 Mark Lumsden <m...@showcomplex.com>
> wrote:
> 
> > >On 2012/02/06 00:21, Bryan Steele wrote:
> > >> On Mon, Feb 06, 2012 at 04:47:45AM +0000, Mark Lumsden wrote:
> > >> > There is a CAVEAT section in the man page that should also be
> > >> > amended, I suspect.
> > >>
> > >> Heh, whoops. :)
> > >>
> > >> > Although useless on the initiating machine, is it of any use to
> > >> > be able to scan a range of UDP ports, for diagnostic reasons,
> > >> > and to see what is received (or not) on the receiving machine?
> > >> > As in, can anything be inferred from the opens reaching (or not)
> > >> > the scanned machine?
> > >>
> > >> From what I can tell, no traffic is actually generated on the
> > >> initiating machine.. nothing in tcpdump anyway.
> > >
> > >Traffic is generated for me, but it's inconsistent, if I try
> > >'nc -z -u somehost 1-65535' sometimes I get 10K ports, sometimes
> > >a few hundred. Haven't seen the full set.
> > >
> >
> > The source code has a comment in udptest() in netcat.c about this
> > problem.
> > 
> 
> Actually, I notice from systat that the maximum connections in the
> [states] screen goes up to 10,000 (e.g. if you use a range of 1-50000)
> then no more UDP packets can be sent until some of the existing ones
> start timing out at 60+ seconds. Then, if you reissue the command, as
> you reach 10,000 again no more UDP packets are sent. So looks like
> the maximum connections is a PF limitation. When PF is switched off
> the number increases.

Did you try the following,
pf.conf:
    set limit states 25000 ?



-- 
With best regards,
        Gregory Edigarov
