From: Sami Halabi
Date: Wed, 28 Dec 2022 16:28:47 +0200
Subject: Re: native recording of all network connections on freebsd
To: Dan Mack
Cc: FreeBSD Current
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current

Using a firewall like ipfw with a rule to log any to any would be a start. For advanced use, a stateful fw, so you can log the start of connections.

On Wed, 28 Dec 2022, 16:21, Dan Mack wrote:

>
> I'm wondering if anyone can help point me at a good way to continuously
> capture every inbound and outbound connection made to a freebsd system.
> I'd prefer a way that is native in base if possible. I don't really want
> to record all the packets, just the src:dest:rport:dport stats.
>
> Happy to RTFM as well,
>
> Dan
>
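Added example, not part of the original message or of FreeBSD's own scripts: one way to apply the suggestion above, with a stateful ipfw ruleset that logs only the first packet of each flow and a filter that reduces the log lines to src:dst:sport:dport. The rule numbers, function names and sample log lines are assumptions made for illustration; the log line layout is the one ipfw normally writes when `net.inet.ip.fw.verbose=1`.

```shell
#!/bin/sh
# Added example: log connection starts with ipfw, then reduce the syslog
# lines to src:dst:sport:dport. Rule numbers and function names are hypothetical.

# Run as root on FreeBSD with ipfw loaded. Caution: the built-in final rule
# usually denies everything, so rule 65000 keeps this ruleset logging-only.
load_conn_log_rules() {
    sysctl net.inet.ip.fw.verbose=1    # send "log" matches to syslog
    ipfw -q add 100 check-state        # packets of known flows stop here, unlogged
    # "setup" matches only the initial SYN; keep-state tracks the rest of the flow
    ipfw -q add 200 allow log logamount 0 tcp from any to any setup keep-state
    ipfw -q add 300 allow log logamount 0 udp from any to any keep-state
    ipfw -q add 65000 allow ip from any to any
}

# Constructed sample of the resulting log lines (assumed format, not real traffic).
SAMPLE_LOG='Dec 28 16:30:01 host kernel: ipfw: 200 Accept TCP 192.0.2.10:51514 198.51.100.7:443 out via em0
Dec 28 16:30:02 host kernel: ipfw: 300 Accept UDP 192.0.2.10:40000 198.51.100.53:53 out via em0
Dec 28 16:30:05 host kernel: ipfw: 200 Accept TCP 203.0.113.9:60022 192.0.2.10:22 in via em0
Dec 28 16:30:06 host sshd[811]: Accepted publickey for user (constructed noise line)'

# Read syslog lines on stdin, print "PROTO src:dst:sport:dport direction".
conn_tuples() {
    awk '{
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF || $(i + 2) != "Accept") next    # not an ipfw accept line
        proto = $(i + 3); src = $(i + 4); dst = $(i + 5)
        if (proto != "TCP" && proto != "UDP") next  # only protocols with ports
        sp = src; sub(/.*:/, "", sp); sub(/:[^:]*$/, "", src)
        dp = dst; sub(/.*:/, "", dp); sub(/:[^:]*$/, "", dst)
        print proto, src ":" dst ":" sp ":" dp, $(i + 6)
    }'
}

# On a live host (default syslog.conf destination for security.*):
#   conn_tuples < /var/log/security | sort | uniq -c
```

Because established flows match the `check-state` rule before reaching a `log` rule, each connection produces one log line rather than one per packet.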