
pflog(4) [freebsd man page]

PFLOG(4)                     BSD Kernel Interfaces Manual                     PFLOG(4)

NAME
     pflog -- packet filter logging interface

SYNOPSIS
     device pflog

DESCRIPTION
     The pflog interface is a device which makes visible all packets logged
     by the packet filter, pf(4).  Logged packets can easily be monitored in
     real time by invoking tcpdump(1) on the pflog interface, or stored to
     disk using pflogd(8).

     The pflog0 interface is created automatically at boot if both pf(4) and
     pflogd(8) are enabled; further instances can be created using
     ifconfig(8).

     Each packet retrieved on this interface has a header associated with it
     of length PFLOG_HDRLEN.  This header documents the address family,
     interface name, rule number, reason, action, and direction of the
     packet that was logged.  This structure, defined in <net/if_pflog.h>,
     looks like

           struct pfloghdr {
                   u_int8_t        length;
                   sa_family_t     af;
                   u_int8_t        action;
                   u_int8_t        reason;
                   char            ifname[IFNAMSIZ];
                   char            ruleset[PF_RULESET_NAME_SIZE];
                   u_int32_t       rulenr;
                   u_int32_t       subrulenr;
                   uid_t           uid;
                   pid_t           pid;
                   uid_t           rule_uid;
                   pid_t           rule_pid;
                   u_int8_t        dir;
                   u_int8_t        pad[3];
           };

EXAMPLES
     Create a pflog interface and monitor all packets logged on it:

           # ifconfig pflog1 up
           # tcpdump -n -e -ttt -i pflog1

SEE ALSO
     tcpdump(1), inet(4), inet6(4), netintro(4), pf(4), ifconfig(8), pflogd(8)

HISTORY
     The pflog device first appeared in OpenBSD 3.0.

BSD                              May 31, 2007                              BSD
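The pfloghdr above is exactly what pflogd(8) writes in front of every logged packet in its pcap file (libpcap link type DLT_PFLOG), so a few lines of struct unpacking are enough to triage a pflogd capture without tcpdump. The script below is an added example, not code from this man page or from pf/pflogd. It assumes the FreeBSD field sizes (IFNAMSIZ and PF_RULESET_NAME_SIZE both 16, 32-bit uid_t and pid_t, giving a 64-byte header), that the 32-bit fields are in network byte order as the kernel's htonl() stores them, the numeric action, reason and direction codes from <net/pfvar.h>, and a constructed three-record capture built inside the script. Later OpenBSD releases extended struct pfloghdr with rewritten addresses and ports, so the 64-byte layout decoded here matches this man page, not every pflog producer.

```python
"""Decode pflogd(8) captures (DLT_PFLOG) using the pfloghdr layout from pflog(4). Added example."""
import struct, ipaddress
from collections import Counter

# struct pfloghdr from <net/if_pflog.h>: 4 one-byte fields, two 16-byte names (IFNAMSIZ,
# PF_RULESET_NAME_SIZE), six 32-bit fields, dir, 3 pad bytes = 64 bytes.  The kernel
# stores the 32-bit fields with htonl(), hence big-endian '>'.
PFLOGHDR = struct.Struct(">BBBB16s16sIIIIIIB3x")
PFLOG_HDRLEN = PFLOGHDR.size       # 64 on FreeBSD
DLT_PFLOG = 117                    # libpcap link type written by pflogd(8)
AF_INET, AF_INET6 = 2, 28          # FreeBSD values (OpenBSD uses 24 for AF_INET6)
UID_MAX = 0xFFFFFFFF               # uid fields hold UID_MAX when unknown
# Numeric codes as defined in <net/pfvar.h> (PF_PASS.., PFRES_MATCH.., PF_IN/PF_OUT).
ACTIONS = {0: "pass", 1: "block", 2: "scrub", 3: "noscrub", 4: "nat", 5: "nonat",
           6: "binat", 7: "nobinat", 8: "rdr", 9: "nordr", 10: "synproxy-drop"}
REASONS = {0: "match", 1: "bad-offset", 2: "fragment", 3: "short", 4: "normalize", 5: "memory",
           6: "bad-timestamp", 7: "congestion", 8: "ip-option", 9: "proto-cksum",
           10: "state-mismatch", 11: "state-insert", 12: "state-limit", 13: "src-limit", 14: "synproxy"}
DIRECTIONS = {0: "in/out", 1: "in", 2: "out"}

def decode_packet(af, pkt):
    """Addresses, protocol and TCP/UDP ports of the logged packet (IPv6 extension headers not walked)."""
    if af == AF_INET and len(pkt) >= 20:
        proto, l4, src, dst = pkt[9], pkt[(pkt[0] & 0x0F) * 4:], pkt[12:16], pkt[16:20]
    elif af == AF_INET6 and len(pkt) >= 40:
        proto, l4, src, dst = pkt[6], pkt[40:], pkt[8:24], pkt[24:40]
    else:
        return {"src": None, "dst": None, "proto": None, "sport": None, "dport": None}
    ports = struct.unpack(">HH", l4[:4]) if proto in (6, 17) and len(l4) >= 4 else (None, None)
    return {"src": str(ipaddress.ip_address(src)), "dst": str(ipaddress.ip_address(dst)),
            "proto": proto, "sport": ports[0], "dport": ports[1]}

def parse_pflog_record(data):
    """Decode one DLT_PFLOG record: a pfloghdr followed by the raw IP packet."""
    if len(data) < PFLOG_HDRLEN:
        raise ValueError("record shorter than PFLOG_HDRLEN")
    (length, af, action, reason, ifname, ruleset, rulenr, subrulenr,
     uid, pid, rule_uid, rule_pid, direction) = PFLOGHDR.unpack_from(data)
    pkt_off = (length + 3) & ~3        # length is offsetof(pad); BPF_WORDALIGN it like tcpdump
    if not 4 <= pkt_off <= len(data):
        raise ValueError(f"bad pfloghdr length {length}")
    cstr = lambda b: b.split(b"\0", 1)[0].decode("ascii", "replace")
    rec = {"af": af, "action": ACTIONS.get(action, f"action#{action}"),
           "reason": REASONS.get(reason, f"reason#{reason}"),
           "ifname": cstr(ifname), "ruleset": cstr(ruleset),   # anchor name; "" for main ruleset
           "rulenr": rulenr, "subrulenr": subrulenr,
           "uid": None if uid == UID_MAX else uid, "pid": pid,             # local socket owner
           "rule_uid": None if rule_uid == UID_MAX else rule_uid, "rule_pid": rule_pid,  # rule loader
           "dir": DIRECTIONS.get(direction, f"dir#{direction}")}
    rec.update(decode_packet(af, data[pkt_off:]))
    return rec

def iter_pcap_records(blob):
    """Yield (timestamp, record) from an in-memory classic pcap file of link type DLT_PFLOG."""
    endian = {b"\xa1\xb2\xc3\xd4": ">", b"\xd4\xc3\xb2\xa1": "<"}.get(blob[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", blob[20:24])[0] != DLT_PFLOG:
        raise ValueError("link type is not DLT_PFLOG")
    off = 24
    while off + 16 <= len(blob):
        sec, usec, caplen, _wire = struct.unpack(endian + "IIII", blob[off:off + 16])
        yield sec + usec / 1e6, blob[off + 16:off + 16 + caplen]
        off += 16 + caplen

def blocked_per_source(blob):
    """Blocked packets per (source, dport): the first cut over pflogd output when hunting scanners."""
    hits = Counter()
    for _ts, rec in iter_pcap_records(blob):
        r = parse_pflog_record(rec)
        if r["action"] == "block":
            hits[(r["src"], r["dport"])] += 1
    return hits

# ---- constructed sample capture (not real traffic) ---------------------------------------
def _ipv4(src, dst, proto, l4):    # minimal IPv4 header; checksum left at 0 for the sample
    return struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed) + l4

def _tcp_syn(sport, dport):
    return struct.pack(">HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, 65535, 0, 0)

def _pflog(action, reason, ifname, rulenr, direction, pkt):   # length = offsetof(pad) = 61
    return PFLOGHDR.pack(PFLOG_HDRLEN - 3, AF_INET, action, reason, ifname.encode(), b"",
                         rulenr, 0, UID_MAX, 0, 0, 0, direction) + pkt

SAMPLE_PCAP = struct.pack(">IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_PFLOG)
for _ts, _rec in [  # two blocked inbound SSH SYNs from one host, then a passed outbound DNS query
    (1.0, _pflog(1, 0, "em0", 7, 1, _ipv4("198.51.100.7", "192.0.2.10", 6, _tcp_syn(40001, 22)))),
    (2.0, _pflog(1, 0, "em0", 7, 1, _ipv4("198.51.100.7", "192.0.2.10", 6, _tcp_syn(40002, 22)))),
    (3.0, _pflog(0, 0, "em0", 12, 2, _ipv4("192.0.2.10", "203.0.113.53", 17, b"\xc3\x50\x00\x35\x00\x08\x00\x00"))),
]:
    SAMPLE_PCAP += struct.pack(">IIII", int(_ts), 0, len(_rec), len(_rec)) + _rec

if __name__ == "__main__":
    for _ts, _rec in iter_pcap_records(SAMPLE_PCAP):
        print(_ts, parse_pflog_record(_rec))
    print(blocked_per_source(SAMPLE_PCAP))
```

Run it directly to print the decoded records; blocked_per_source folds the file down to blocked packets per (source, destination port), which is the first thing to look at when a block rule with log starts firing. For a real capture, read the file with open(path, "rb").read() in place of SAMPLE_PCAP; the length check and the BPF_WORDALIGN rounding are what keep the parser honest on records whose header length differs from the 64 bytes assumed here.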


15 More Discussions You Might Find Interesting

1. Cybersecurity

logging

Is there a log, or how do I make a log, that logs every packet inbound or outbound through my server? I want every packet or packet fragment that comes to my server to be logged. (5 Replies)
Discussion started by: The Fridgerator

2. Programming

tcpdump gets the packet; does the application get the packet too?

1. I use Digital Unix 4.0F. 2. As we know, tcpdump can get network packets. But does it peek at packets, like the MSG_PEEK flag in recvmsg(), or does it get packets that have been processed by the kernel or by the application? (0 Replies)
Discussion started by: chenhao_no1

3. IP Networking

tcpdump error: no suitable device found

Hi, I'm trying to use tcpdump for the first time. I installed tcpdump from the rpm. Now when I issue the command tcpdump port 6666, I get an error: tcpdump: no suitable device found. Can you tell me what's wrong there? Thanks. (5 Replies)
Discussion started by: zampya

4. Shell Programming and Scripting

from column to row

Hi, I have a text file that looks like the following: '/ttt/aaa' '/ttt/bbb' '/ttt/ccc' '/ttt/ddd' '/ttt/eee' 1. I need to rebuild its content and make it look like: '/ttt/aaa','/ttt/bbb','/ttt/ccc','/ttt/ddd','/ttt/eee' 2. I can't create a new file; the changes need to be done inside the... (9 Replies)
Discussion started by: yoavbe

5. IP Networking

enhanced tcpdump is needed

Are there any standard programs in Linux/UNIX like tcpdump that store packet headers in a DB (Berkeley DB is preferred, including secondary DBs to index stored headers by IP addresses, TCP flows, etc.), provide search in the DB and convert found headers to tcpdump dumpfile format? (12 Replies)
Discussion started by: Hitori

6. IP Networking

i would like to know about tcpdump

I would like to know about tcpdump. I would like to use tcpdump to get information about these: date, time, source hostname, source MAC address, source IP address, destination IP address, and to see outbound only. Then I use a command like this: tcpdump -i le0 -n -q -tttt -e src net... (2 Replies)
Discussion started by: chamnanpol

7. IP Networking

tcpdump -w file is not capturing all the packets

I am trying to capture tcpdump output for traffic to a port in a file, but this does not seem to capture all the packets. The command I use is: tcpdump -w tdump.dat port 22. Why is it not capturing all the packets? Here is my experiment: root@pmode-client6 adc-demo]# tcpdump port 22 tcpdump:... (5 Replies)
Discussion started by: radiatejava

8. Infrastructure Monitoring

Capturing bad packets

Hello, SNMP reports from my Linux server a large number of "ipInAddrErrors" on several of my systems. According to one description, these packets are discarded datagrams due to: How do I determine what packets these are? Can tcpdump help? If so, can anyone suggest a filter? (1 Reply)
Discussion started by: otheus

9. AIX

tcpdump fails at AIX 5.2

While executing tcpdump, I am getting the following error: tcpdump: BIOCSETIF: en0: Do not specify an existing file. I checked with truss, and I am able to see that the kioctl system call failed with "EEXIST". ============================================== Message from truss output... (2 Replies)
Discussion started by: sekarsamy

10. Filesystems, Disks and Memory

A tcpdump-like tool for disk I/O?

Hi, can anyone please suggest a tool to dump I/O packets just like tcpdump does for network traffic? Basically I have a complex dataflow that needs to be optimized and I want to see how packets go to/from disk: what goes randomly and what goes sequentially. Thanks. (8 Replies)
Discussion started by: vsmi

11. IP Networking

Capture packets (TcpDump) and forwarding them

Hi, I want to capture a certain type of packet (selected according to the protocol) coming to my PC and then transmit them to another PC. I had the idea to use tcpdump to filter input packets and extract those chosen. Well, my questions are: 1- after filtering input packets, those that have not... (1 Reply)
Discussion started by: ziedf

12. UNIX for Dummies Questions & Answers

tcpdump and prism headers question

Hello everyone! I installed OpenWRT on a WRT54G-TM (Linux 2.4). No problem so far! I also installed tcpdump on the box. I set the adapter in monitor mode: wlc monitor 1. It created the prism0 interface. Tcpdumping is also possible using this interface. root@cmWRT:/tmp# tcpdump -i... (1 Reply)
Discussion started by: aztroboy

13. UNIX for Dummies Questions & Answers

tcpdump with each line number?

Hi all, first of all, thanks for providing the platform so all of us can learn and ask questions if there is any doubt about UNIX/Linux systems. This is my first time here and I would like to know what the correct switch/option is in order to capture tcpdump output with a line number at the beginning of... (1 Reply)
Discussion started by: type8code0

14. IP Networking

Tcpdump -i any producing duplicate packets?

Hi, can anyone explain why I see the same request twice in the tcpdump capture when I use "tcpdump -i any"? So I'm tracing packets on the eth1.800 interface, but using "tcpdump -i any" to capture them. What I see is that the requests/responses from my side seem to appear as duplicates in the pcap file,... (1 Reply)
Discussion started by: Juha

15. IP Networking

TCPdump

I've recently started learning to use TCPdump, and I find it pretty interesting. There's one thing I don't understand. When I tell it to capture packets on, say, the WiFi interface en1, it often captures packets sent or received by other hosts on the network. How can it do this? My... (3 Replies)
Discussion started by: Ultrix