On Sat, Mar 16, 2002 at 09:57:46AM -0500, Robert Watson wrote:

> Heh. I had something a little like that at one point -- it just
> acted as a pass-through, but also logged in the pcap format.  I
> thought someone had done modifications to tcpdump to allow it to
> speak to divert sockets, don't know that it was ever actually
> committed.  Might be in the PR's still.  Was great for testing and
> understanding firewall rules.

in OpenBSD pf, packets matching a 'log' rule are dup'd to the pflog
dummy device, annotated with an additional header (interface, rule
number, reason, etc.).

you can then use pflogd, tcpdump (either in OpenBSD or from
tcpdump.org), or snort listening on pflog0 to save the packets in pcap
format, print them out, or analyze them for attacks, etc.

-d.

---
http://www.monkey.org/~dugsong/
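Added example (not from the thread, nor OpenBSD's own code): a small Python decoder for the per-packet annotation that pflog prepends to each dup'd packet before it reaches pflog0, so a capture can be split back into pf's verdict (interface, rule number, reason, action, direction) and the raw IP packet. It assumes the 64-byte OpenBSD 4.x-era DLT_PFLOG header layout and its enum values; the 2002-era header was shorter and later releases added fields, so verify against print-pflog.c in your tcpdump.

```python
import struct

# Assumed layout (not from the thread): the 64-byte DLT_PFLOG header of
# OpenBSD 4.x-era pflog(4). The 2002-era header was shorter and later
# releases added fields, so check print-pflog.c in your tcpdump first.
PF_ACTIONS = {0: "pass", 1: "block", 2: "scrub"}            # PF_PASS/PF_DROP/PF_SCRUB
PF_REASONS = {0: "match", 1: "bad-offset", 2: "fragment",   # PFRES_* codes
              3: "short", 4: "normalize", 5: "memory"}
PF_DIRS = {0: "in/out", 1: "in", 2: "out"}                  # PF_INOUT/PF_IN/PF_OUT
AF_NAMES = {2: "inet", 24: "inet6"}                         # OpenBSD AF_INET/AF_INET6

# Constructed 20-byte IPv4/TCP header 192.168.0.1 -> 192.168.0.2 (checksum zeroed).
SAMPLE_PACKET = bytes.fromhex("450000140001000040060000c0a80001c0a80002")


def parse_pflog(frame: bytes) -> dict:
    """Split one pflog0 frame into pf's annotation and the raw IP packet."""
    if len(frame) < 44:
        raise ValueError("frame too short for a pflog header")
    # rulenr/subrulenr are big-endian (kernel htonl()s them); uid/pid at 44..59 skipped.
    (length, af, action, reason, ifname, ruleset,
     rulenr, subrulenr) = struct.unpack_from(">BBBB16s16sII", frame, 0)
    hdrlen = (length + 3) & ~3            # BPF_WORDALIGN(hdr->length)
    if len(frame) < hdrlen:
        raise ValueError("truncated pflog header")
    direction = frame[60] if length > 60 else 0
    return {
        "ifname": ifname.split(b"\0", 1)[0].decode("ascii", "replace"),
        "ruleset": ruleset.split(b"\0", 1)[0].decode("ascii", "replace"),
        "rule": rulenr,
        "subrule": None if subrulenr == 0xFFFFFFFF else subrulenr,
        "action": PF_ACTIONS.get(action, f"action#{action}"),
        "reason": PF_REASONS.get(reason, f"reason#{reason}"),
        "dir": PF_DIRS.get(direction, f"dir#{direction}"),
        "af": AF_NAMES.get(af, f"af#{af}"),
        "packet": frame[hdrlen:],
    }


def build_pflog(ifname, action, reason, rulenr, direction, af, packet):
    """Mirror of parse_pflog: build a constructed frame for offline testing."""
    hdr = struct.pack(">BBBB16s16sII", 61, af, action, reason,
                      ifname.encode(), b"", rulenr, 0xFFFFFFFF)
    hdr += b"\0" * 16                     # uid, pid, rule_uid, rule_pid
    hdr += bytes([direction]) + b"\0" * 3  # dir + pad to 64 bytes
    return hdr + packet


if __name__ == "__main__":
    # A blocked inbound IPv4 packet on fxp0 that matched rule 7.
    rec = parse_pflog(build_pflog("fxp0", 1, 0, 7, 1, 2, SAMPLE_PACKET))
    print({k: v for k, v in rec.items() if k != "packet"})
```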
