From owner-freebsd-questions  Thu Sep  5 23:07:32 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id XAA27269
          for questions-outgoing; Thu, 5 Sep 1996 23:07:32 -0700 (PDT)
Received: from gatekeeper.barcode.co.il (gatekeeper.barcode.co.il [192.116.93.17])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id XAA27236
          for <questions@FreeBSD.ORG>; Thu, 5 Sep 1996 23:06:48 -0700 (PDT)
Received: (from nadav@localhost) by gatekeeper.barcode.co.il (8.6.12/8.6.12) id JAA27975; Fri, 6 Sep 1996 09:03:30 +0200
Date: Fri, 6 Sep 1996 09:03:30 +0200 (IST)
From: Nadav Eiron <nadav@barcode.co.il>
To: Hal Snyder <hal@post.vale.com>
cc: "'Christoph Kukulies'" <kuku@gilberto.physik.rwth-aachen.de>,
        "'questions@freebsd.org'" <questions@FreeBSD.ORG>
Subject: RE: catching a ping 
In-Reply-To: <01BB9B1A.D42D3C90@jaguar>
Message-ID: <Pine.BSF.3.91.960906090218.27970A-100000@gatekeeper.barcode.co.il>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk



On Thu, 5 Sep 1996, Hal Snyder wrote:

> Christoph Kukulies wrote:
> > Is there a way to test if some host is pinging me in intervals?
> > I tried systat -netstat and did a ping -c 1 <host> and the
> > connection didn't show up (would port 7 be used in that case)
> 
> Enable bpf in your kernel and use tcpdump, something like
>   tcpdump icmp[0] = 8 or icmp[0] = 0
> 
> For syslogging, you could enable IPFIREWALL and use the likes of
>   ipfw add accept log icmp from any to ${my_ip} icmptypes 0,8
> 
Better than ipfw, you can use IPfilter (I think it's in the ports, and if 
not, you can use the standard version, it has instructions for compiling 
on FreeBSD, at least for 2.1.0). Unlike ipfw it knows about ICMP types so 
you can log/block just ICMP echos.