Re: native recording of all network connections on freebsd

In reply to: Damjan Jovanovic : "Re: native recording of all network connections on freebsd"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Marek Zarychta <zarychtam_at_plan-b.pwste.edu.pl>
Date: Thu, 29 Dec 2022 09:13:24 UTC

W dniu 29.12.2022 o 02:58, Damjan Jovanovic pisze:
>
>
> On Wed, Dec 28, 2022 at 4:21 PM Dan Mack <mack@macktronics.com> wrote:
>
>
>     I'm wondering if anyone can help point me at a good way to
>     continously
>     capture every inbound and outbound connection made to a freebsd
>     system.
>     I'd prefer a way that is native in base if possible.   I don't
>     really want
>     to record all the packets, just the src:dest:rport:dport stats.
>
>     Happy to RTFM as well,
>
>     Dan
>
>
> Another possibility is to enable Netflow in ipfw (there is an 
> ipfw_netflow service), which submits periodic reports of all 
> connections made and their data usage, and then collect and process 
> the Netflow data using a Netflow server.
>
> Or develop a custom Netgraph service that examines packets and logs 
> connections. This would even work in the absence of any firewall.
>
Such a node exists: ng_netflow(4) and works flawlessly.



-- 
Marek Zarychta