Re: native recording of all network connections on freebsd

Reply: Marek Zarychta : "Re: native recording of all network connections on freebsd"
In reply to: Dan Mack : "native recording of all network connections on freebsd"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Damjan Jovanovic <damjan.jov_at_gmail.com>
Date: Thu, 29 Dec 2022 01:58:02 UTC

On Wed, Dec 28, 2022 at 4:21 PM Dan Mack <mack@macktronics.com> wrote:

>
> I'm wondering if anyone can help point me at a good way to continously
> capture every inbound and outbound connection made to a freebsd system.
> I'd prefer a way that is native in base if possible.   I don't really want
> to record all the packets, just the src:dest:rport:dport stats.
>
> Happy to RTFM as well,
>
> Dan
>
>
Another possibility is to enable Netflow in ipfw (there is an ipfw_netflow
service), which submits periodic reports of all connections made and their
data usage, and then collect and process the Netflow data using a Netflow
server.

Or develop a custom Netgraph service that examines packets and logs
connections. This would even work in the absence of any firewall.

Damjan