12-10-2015
PF OpenBSD Network Monitoring
Hi,
Though I have some Linux background I'm new to BSD. Currently I'm administering an OpenBSD 5.3 firewall which based on PF.
I want to view my LAN's top talkers to the internet. If it is a graphical method that's better but I like to know whether it is possible through a command like
pfctl. A help is greatly appreciated.
Thanks
7 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Is there any way to check up the TCP/Ip port connectivity( healthiness ) without using ping or icmp calls ? (2 Replies)
Discussion started by: vikasdeshmukh
2 Replies
2. IP Networking
This feels really silly, but i just dont get it..
I just installed openbsd on one of my machines, usually
i dont have this problem, but now, when i try to use ifconfig
to give myself an ipadress, i get this errormsg:
OpenAMD# ifconfig ep0 192.168.51.16
ifconfig: SIOCGIFFLAGS: Device not... (5 Replies)
Discussion started by: CopyWrong
5 Replies
3. UNIX for Dummies Questions & Answers
hi
can i know if there is any GUI interface software to help in monitoring the network of the servers i have? something like a web pages or a stock pages when a processes is down, a red colour is flashes. best if it is free ;) (1 Reply)
Discussion started by: legato
1 Replies
4. HP-UX
I Colleagues,
Somebody can say me how to monitoring traffic in the network. also I am interested in monitoring memory. if somebody to know a guide with command advanced in unix welcome for me.
Thank you for adcanced. (0 Replies)
Discussion started by: systemoper
0 Replies
5. UNIX for Advanced & Expert Users
Hi all,
I got following configuration problem
I need to configure tiny network on openbsd
I got server1 with 3 interfaces vic0 em0 em1
The interface vic0 on server1 has follwoing IP 172.16.1.1
em0
firstly I would like to configure network under em0 (I have assigned to em0 following... (1 Reply)
Discussion started by: kvok
1 Replies
6. Shell Programming and Scripting
My Office Hours between 10 A.M to 5 P.M .I am managing 16 client PCs which is remotely placed. I want to know the network status of every client PCs.I need an automatic trigger mail ,when the network connection is lost in any one of the Client PCs during office hours.I am a self study learner.I... (9 Replies)
Discussion started by: kannansoft1985
9 Replies
7. Infrastructure Monitoring
Hi,
Though I have some Linux background I'm new to BSD. Currently I'm administering an OpenBSD 5.3 firewall which based on PF.
I want to view my top talkers to the internet. If it is a graphical one that's better but I like to know whether it is possible through a command like pfctl a help... (1 Reply)
Discussion started by: amithad
1 Replies
LEARN ABOUT FREEBSD
blackhole
BLACKHOLE(4) BSD Kernel Interfaces Manual BLACKHOLE(4)
NAME
blackhole -- a sysctl(8) MIB for manipulating behaviour in respect of refused TCP or UDP connection attempts
SYNOPSIS
sysctl net.inet.tcp.blackhole[=[0 | 1 | 2]]
sysctl net.inet.udp.blackhole[=[0 | 1]]
DESCRIPTION
The blackhole sysctl(8) MIB is used to control system behaviour when connection requests are received on TCP or UDP ports where there is no
socket listening.
Normal behaviour, when a TCP SYN segment is received on a port where there is no socket accepting connections, is for the system to return a
RST segment, and drop the connection. The connecting system will see this as a ``Connection refused''. By setting the TCP blackhole MIB to
a numeric value of one, the incoming SYN segment is merely dropped, and no RST is sent, making the system appear as a blackhole. By setting
the MIB value to two, any segment arriving on a closed port is dropped without returning a RST. This provides some degree of protection
against stealth port scans.
In the UDP instance, enabling blackhole behaviour turns off the sending of an ICMP port unreachable message in response to a UDP datagram
which arrives on a port where there is no socket listening. It must be noted that this behaviour will prevent remote systems from running
traceroute(8) to a system.
The blackhole behaviour is useful to slow down anyone who is port scanning a system, attempting to detect vulnerable services on a system.
It could potentially also slow down someone who is attempting a denial of service attack.
WARNING
The TCP and UDP blackhole features should not be regarded as a replacement for firewall solutions. Better security would consist of the
blackhole sysctl(8) MIB used in conjunction with one of the available firewall packages.
This mechanism is not a substitute for securing a system. It should be used together with other security mechanisms.
SEE ALSO
ip(4), tcp(4), udp(4), ipf(8), ipfw(8), pfctl(8), sysctl(8)
HISTORY
The TCP and UDP blackhole MIBs first appeared in FreeBSD 4.0.
AUTHORS
Geoffrey M. Rehmet
BSD
January 1, 2007 BSD