PF, packet sizes and icmp replies

2008-11-18 Thread denissia
Today I was shocked when I found that PF doesn't support filtering by packet size and can't answer with an admin-generated icmp code (for example, icmp code 1 admin. prohibited). And don't tell me that it is useless. Packet size: We already had user attacks, then huge count of full-sized

reading pf log files on non-OpenBSD systems

2008-11-18 Thread Russell Fulton
Hi, I run a dark net and feed data to one of the well-known security organisations. I get the dark net data from the drop logs on our firewall by running tcpdump with appropriate filters. Up until now I have piped the data from tcpdump through a perl script to produce a standardised

Re: reading pf log files on non-OpenBSD systems

2008-11-18 Thread Stuart Henderson
On 2008/11/19 13:48, Russell Fulton wrote: Does anyone have any suggestions as to how we can get data in pf log files into pcap files that can be read (and filtered) on other systems? The packets have a struct pfloghdr header as described in pflog(4); this could be chopped off. I'm not aware

Re: PF, packet sizes and icmp replies

2008-11-18 Thread Ryan McBride
On Tue, Nov 18, 2008 at 10:36:48AM -0800, [EMAIL PROTECTED] wrote: Today I was shocked when I found that PF doesn't support filtering by packet size and can't answer with an admin-generated icmp code (for example, icmp code 1 admin. prohibited). And don't tell me that it is useless. Packet

Re: reading pf log files on non-OpenBSD systems

2008-11-18 Thread Ryan McBride
On Wed, Nov 19, 2008 at 01:13:32AM +, Stuart Henderson wrote: On 2008/11/19 13:48, Russell Fulton wrote: Does anyone have any suggestions as to how we can get data in pf log files into pcap files that can be read (and filtered) on other systems? The packets have a struct pfloghdr