On Wed, Feb 04, 2004 at 10:46:47AM -0500, Mike Frantzen wrote:
> > Is it possible to log the OS of a passed/blocked packet, instead
> > of just using the OS for filtering? I am trying to do an analysis
> > of what OSes are typically used for, say, spamming.
>
> tcpdump -netttor /var/log/pflog 'tcp[13] == 2 and port 25'

pfctl(8), pf.conf(5), pflog(4), pflogd(8)...damn it, I knew I forgot one.
Thanks.

-Ray-
