pf and short packets
dawnshade
dawnshade at mail.ru
Wed Oct 26 03:19:22 PDT 2005
On Wednesday 26 October 2005 12:08, Anton Nikiforov wrote:
> On Tuesday 25 October 2005 23:21, Anton Nikiforov wrote:
> >> tcpdump -n -e -ttt -x -i pflog0 host 127.0.0.1
> >>000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 >
> >>127.0.0.1.643: . ack 30 win 65535
> >> 0x0000: 4600 002c 6605 4000 0306 11c5 7f00 0001
> >> F..,f. at ......... 0x0010: 7f00 0001 0100 0000 0202 0283 8129 5dab
> >> .............)]. 0x0020: 5db7 f2f2 5010 ffff 7dce 0000
> >> ]...P...}... 000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514
> >> >
> >>127.0.0.1.643: . ack 30 win 65535
> >> 0x0000: 4600 002c d21d 4000 0306 a5ac 7f00 0001
> >> F..,.. at ......... 0x0010: 7f00 0001 0100 0000 0202 0283 8129 5dab
> >> .............)]. 0x0020: 5db7 f2f2 5010 ffff 7dce 0000
> >> ]...P...}...
> >>
> >>The rule for this packet is not a "log" one, but the sign (short) is
> >>what i cannot understand.
> >
> > Read 'man 1 tcpdump' about key "-s".
> > You command must be like "tcpdump -s 1000 -n -e -ttt -x -i pflog0 host
> > 127.0.0.1"
> >
> > Change value 1000 to appropriate.
>
> Hi, and thanks for the replay,
> but my question is not about how to use tcpdump (i know -s key), but
> what to do with pf to make this packets pass through.
> When my pf is up i cannot rsh to ipcad, but when it is down - everything
> is working just fine.
> I need this rsh to get my ip statistics.
sorry, i misunderstand you.
can you provide output 'pfctl -sr -g' (at leat sensitive rules before number
34)
More information about the freebsd-stable
mailing list