From owner-freebsd-questions Tue Jun 11 0:21:28 2002 Delivered-To: freebsd-questions@freebsd.org Received: from lexx.zssm.zp.ua (lexx.zssm.zp.ua [212.8.32.8]) by hub.freebsd.org (Postfix) with ESMTP id 1034137B40A for ; Tue, 11 Jun 2002 00:21:21 -0700 (PDT) Received: from server.hermes-comp.zp.ua (germes-comp.zssm.zp.ua [212.8.32.132] (may be forged)) by lexx.zssm.zp.ua (8.9.2/8.9.2) with ESMTP id KAA29547; Tue, 11 Jun 2002 10:19:52 +0300 (EET DST) Received: from localhost (localhost [127.0.0.1]) by server.hermes-comp.zp.ua (Postfix) with ESMTP id EC08738302; Tue, 11 Jun 2002 10:15:45 +0300 (EEST) Date: Tue, 11 Jun 2002 10:15:45 +0300 (EEST) From: Alexander V Zubchenko To: Ilia Chipitsine Cc: Subject: Re: ipfw: catching data ? In-Reply-To: Message-ID: <20020611101327.B87612-100000@server.hermes-comp.zp.ua> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=KOI8-R Content-Transfer-Encoding: 8BIT Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Greetings! (Приветствую) On Tue, 11 Jun 2002, Ilia Chipitsine wrote: > Dear Sirs, > > the following rule says that some packets were sent: > > /sbin/ipfw deny log tcp from any to me 3000 in recv tun1 Stop! You say they were sent. But this rule, afaic, must deny them. And log must say, that packets was denied. > > which rule should I apply in order to catch what was transmitted during > that tcp session ? afaiu, that tcp session is lost for You. By default packet data is not stored anywhere. You can turn on tcpdump with same rule and try to catch next session. Hope, this help. > > Regards, (Наилучшие пожелания) > Ilia Chipitsine (Илья Шипицин) > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > With best wishes to all fbsd community, Alexander To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message