On 29.12.2022 at 02:58, Damjan Jovanovic wrote:


On Wed, Dec 28, 2022 at 4:21 PM Dan Mack <m...@macktronics.com> wrote:


    I'm wondering if anyone can help point me at a good way to
    continuously capture every inbound and outbound connection made to
    a FreeBSD system. I'd prefer a way that is native in base if
    possible. I don't really want to record all the packets, just the
    src:dest:rport:dport stats.

    Happy to RTFM as well,

    Dan


Another possibility is to enable Netflow in ipfw (there is an ipfw_netflow service), which submits periodic reports of all connections made and their data usage, and then collect and process the Netflow data using a Netflow server.

Or develop a custom Netgraph service that examines packets and logs connections. This would even work in the absence of any firewall.

Such a node exists: ng_netflow(4) and works flawlessly.



--
Marek Zarychta
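
An added example, not part of the original thread: a minimal parser for the collector side, assuming the exporter sends NetFlow version 5 datagrams over UDP. It reduces each flow record to the src:dst:sport:dport tuple asked for above; the function names and the sample datagram (documentation addresses) are constructed for illustration.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte flow record
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_netflow_v5(datagram):
    """Return one dict per flow record in a NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    version, count, _uptime, unix_secs = HEADER.unpack_from(datagram)[:4]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # Export is unauthenticated UDP: check the count field against the
    # actual length instead of trusting it (v5 carries at most 30 records).
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "exported": unix_secs,
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "sport": f[9], "dport": f[10],
            "tcp_flags": f[11], "proto": f[12],
            "packets": f[5], "bytes": f[6],
        })
    return flows

def format_flow(flow):
    """One log line per flow: proto src:sport -> dst:dport plus counters."""
    proto = PROTO.get(flow["proto"], str(flow["proto"]))
    return (f'{proto} {flow["src"]}:{flow["sport"]} -> {flow["dst"]}:{flow["dport"]} '
            f'pkts={flow["packets"]} bytes={flow["bytes"]}')

def sample_datagram():
    """Constructed export with two flows (not captured from a real system)."""
    a = socket.inet_aton
    hdr = HEADER.pack(5, 2, 1000, 1672279080, 0, 1, 0, 0, 0)
    ssh = RECORD.pack(a("198.51.100.7"), a("192.0.2.10"), bytes(4), 1, 0,
                      12, 2048, 100, 900, 51514, 22, 0x1B, 6, 0, 0, 0, 0, 0)
    dns = RECORD.pack(a("192.0.2.10"), a("203.0.113.53"), bytes(4), 0, 1,
                      1, 76, 950, 950, 40000, 53, 0, 17, 0, 0, 0, 0, 0)
    return hdr + ssh + dns

if __name__ == "__main__":
    # A live collector would feed each sock.recvfrom() payload to the parser.
    for flow in parse_netflow_v5(sample_datagram()):
        print(format_flow(flow))
```
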
