Date: Mon, 16 May 2016 18:36:50 +0100 From: Gary Palmer <gpalmer@freebsd.org> To: Larry Rosenman <ler@lerctr.org> Cc: Freebsd net <freebsd-net@freebsd.org> Subject: Re: Closed port RST: Any way to find out what port(s)? Message-ID: <20160516173649.GA15236@in-addr.com> In-Reply-To: <472a21d960dd951dfd4a70e5dc94b7e5@thebighonker.lerctr.org> References: <472a21d960dd951dfd4a70e5dc94b7e5@thebighonker.lerctr.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, May 16, 2016 at 12:31:02PM -0500, Larry Rosenman wrote: > I'm seeing tons of: > Limiting closed port RST response from 201 to 200 packets/sec > in my log. Is there any way to see what port(s) are being pounded? sysctl net.inet.tcp.log_in_vain=1 I expect you would get a ton of spam from that, so my suggestion would be tcpdump. e.g. tcpdump -i <interface> -n 'tcp[tcpflags] & (tcp-rst) != 0' Regards, Gary
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160516173649.GA15236>