From: marcus
To: freebsd-questions@freebsd.org
Date: Tue, 20 Apr 2010 08:28:12 -0300
Subject: Re: about tcpdump
Message-Id: <201004200828.13121.marcus.jabber@gmail.com>
On Thursday 15 April 2010 22:16:45 Michael Hughes wrote:
> On Thu, 15 Apr 2010 23:37:09 +0300
>
> Yavuz Maşlak wrote:
> > I have a network. I wish to log all incoming and outgoing traffic
> > using tcpdump on my gateway server. But I don't want to log this
> > traffic's data because it takes up too much space on disk.
> > I only want to log which ports were used, which IP addresses were
> > reached. How can I do this using tcpdump?
> > Could you give me an example or docs?
> > I use FreeBSD 7.2
>
> Have you thought about using ARGUS (Audit Record Generation and
> Utilization System)?

tcpdump syntax for a specific host:

#tcpdump -i rl0 -n host 10.10.0.1

rl0 = interface
10.10.0.1 = your host

tcpdump syntax for a specific port:

#tcpdump -i rl0 -n port 22

22 = your port

However, your question is more about filtering data using shell scripts than tcpdump syntax. If you haven't mastered it, tools such as ARGUS are a good choice.
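Added example, not part of the reply above or of tcpdump itself: a POSIX shell function that reduces tcpdump's `-n -q` text output to endpoint/port counts, so only the addresses and ports the original question asked about are kept on disk. The sample lines are constructed; the `-q` output layout parsed in the comments and the `rl0` interface are assumptions.

```shell
#!/bin/sh
# summarize_flows reads tcpdump "-n -q" text lines on stdin and prints one
# line per distinct (proto, src ip, src port, dst ip, dst port) with a hit
# count, highest count first.  Packet payload never reaches the log.
summarize_flows() {
    awk '
    # Assumed -q line layout (constructed):
    #   04:28:30.123456 IP 10.10.0.5.51234 > 10.10.0.1.22: tcp 0
    # $2="IP" $3=src $4=">" $5="dst:" $6=proto (may carry a trailing comma)
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        proto = tolower($6); sub(/,$/, "", proto)
        # "a.b.c.d.port" has 5 dot-separated parts; a bare address (ICMP) has 4
        n = split(src, s, ".")
        if (n == 5) { sip = s[1] "." s[2] "." s[3] "." s[4]; sport = s[5] }
        else        { sip = src; sport = "-" }
        n = split(dst, d, ".")
        if (n == 5) { dip = d[1] "." d[2] "." d[3] "." d[4]; dport = d[5] }
        else        { dip = dst; dport = "-" }
        count[proto " " sip " " sport " " dip " " dport]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Constructed sample of tcpdump -n -q output used for a stand-alone run.
SAMPLE='04:28:30.123456 IP 10.10.0.5.51234 > 10.10.0.1.22: tcp 0
04:28:30.223456 IP 10.10.0.1.22 > 10.10.0.5.51234: tcp 0
04:28:31.000001 IP 10.10.0.5.51234 > 10.10.0.1.22: tcp 0
04:28:32.000001 IP 10.10.0.7.40000 > 10.10.0.1.53: UDP, length 44
04:28:33.000001 IP 10.10.0.7 > 10.10.0.1: ICMP echo request, id 1, seq 1, length 64'

printf '%s\n' "$SAMPLE" | summarize_flows

# Live use on the gateway (not run here; rl0 is assumed): -l makes output
# line-buffered, -s 96 limits each captured packet to its headers.
#   tcpdump -i rl0 -n -l -q -s 96 ip | summarize_flows >> /var/log/flows.txt
```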