Closed port RST: Any way to find out what port(s)?
Gary Palmer
gpalmer at freebsd.org
Mon May 16 17:36:54 UTC 2016
On Mon, May 16, 2016 at 12:31:02PM -0500, Larry Rosenman wrote:
> I'm seeing tons of:
> Limiting closed port RST response from 201 to 200 packets/sec
> in my log. Is there any way to see what port(s) are being pounded?
sysctl net.inet.tcp.log_in_vain=1
I expect you would get a ton of spam from that, so my suggestion would
be tcpdump. e.g.
tcpdump -i <interface> -n 'tcp[tcpflags] & (tcp-rst) != 0'
Regards,
Gary
More information about the freebsd-net
mailing list