Re: native recording of all network connections on freebsd
- In reply to: Dan Mack : "native recording of all network connections on freebsd"
Date: Thu, 29 Dec 2022 02:31:01 UTC
On Dec 28, 2022, at 6:21 AM, Dan Mack <mack@macktronics.com> wrote:
>
> I'm wondering if anyone can help point me at a good way to continuously capture every inbound and outbound connection made to a freebsd system. I'd prefer a way that is native in base if possible. I don't really want to record all the packets, just the src:dest:rport:dport stats.

I'd build a simple program using pcap(3), and compile a bpf program using pcap_compile and then do pcap_setfilter to capture just the packets I want. Then save the desired fields from captured packets (and use a hashtable if just {src,dst}{ip,port} are wanted). There are online examples one can start from.
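An added sketch, not part of the original post, of the per-packet step the reply describes: pull {src,dst}{ip,port} out of each captured frame and count it in a hash table. The names, the filter text, the fixed-size table and the sample frame are assumptions made for illustration; the libpcap calls themselves are left out so the block builds without the library, and `record_packet` is what a `pcap_loop()` callback would call on an Ethernet capture.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed filter text for pcap_compile(): IPv4 TCP SYN without ACK (new connections). */
const char *const CONN_FILTER = "ip and tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn";
struct conn { uint32_t src, dst; uint16_t sport, dport; unsigned count; int used; };
#define NSLOTS 1024                      /* power of two, fixed size */
static struct conn table[NSLOTS];

/* Constructed sample frame: 192.0.2.10:49152 -> 198.51.100.5:22, SYN set. */
const uint8_t SAMPLE_SYN[54] = {
    0,0,0,0,0,2, 0,0,0,0,0,1, 0x08,0x00,
    0x45,0,0,40, 0,0,0x40,0, 64,6,0,0, 192,0,2,10, 198,51,100,5,
    0xC0,0x00, 0x00,0x16, 0,0,0,1, 0,0,0,0, 0x50,0x02,0xFF,0xFF, 0,0,0,0 };

/* Extract the 4-tuple from an Ethernet/IPv4/TCP frame; -1 if it is anything else. */
static int parse_tuple(const uint8_t *p, size_t len, struct conn *c)
{
    if (len < 14 + 20 || p[12] != 0x08 || p[13] != 0x00) return -1;
    const uint8_t *ip = p + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;      /* header length from IHL */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return -1;
    if ((ip[6] & 0x1f) || ip[7]) return -1;       /* later fragment: no TCP header */
    if (len < 14 + ihl + 4) return -1;            /* truncated before the ports */
    memset(c, 0, sizeof *c);
    memcpy(&c->src, ip + 12, 4);                  /* addresses stay in network order */
    memcpy(&c->dst, ip + 16, 4);
    c->sport = (uint16_t)(ip[ihl] << 8 | ip[ihl + 1]);
    c->dport = (uint16_t)(ip[ihl + 2] << 8 | ip[ihl + 3]);
    return 0;
}

/* Call from the pcap_loop() callback. Returns the tuple's hit count, 0 if skipped. */
unsigned record_packet(const uint8_t *pkt, size_t len)
{
    struct conn c;
    if (parse_tuple(pkt, len, &c) != 0) return 0;
    uint32_t h = (c.src ^ c.dst * 2654435761u) ^ ((uint32_t)c.sport << 16 | c.dport);
    for (unsigned i = 0; i < NSLOTS; i++) {       /* open addressing, linear probe */
        struct conn *s = &table[(h + i) & (NSLOTS - 1)];
        if (!s->used) { *s = c; s->used = 1; s->count = 1; return 1; }
        if (s->src == c.src && s->dst == c.dst && s->sport == c.sport && s->dport == c.dport)
            return ++s->count;
    }
    return 0;                                     /* table full */
}
int main(void) {                                  /* feed the sample frame twice */
    record_packet(SAMPLE_SYN, sizeof SAMPLE_SYN);
    return printf("hits=%u\n", record_packet(SAMPLE_SYN, sizeof SAMPLE_SYN)) < 0;
}
```

The filter only matches IPv4 TCP connection attempts, so UDP and IPv6 traffic would need their own filter expression and parser branch.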