Pestilence 01 netstat -in
Code:
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Colls
lo0 33200 <Link> 567 0 567 0 0
lo0 33200 127/8 127.0.0.1 567 0 567 0 0
lo0 33200 ::1/128 ::1 567 0 567 0 0
lo0 33200 fe80::%lo0/ fe80::1%lo0 567 0 567 0 0
bge0 1500 <Link> 00:10:18:14:7b:ed 3166606 171 11135115 0 0
bge0 1500 192.168.1.1 192.168.1.1 3166606 171 11135115 0 0
bge0 1500 fe80::%bge0 fe80::210:18ff:fe 3166606 171 11135115 0 0
bge1 1500 <Link> 00:13:72:3b:d5:33 298348513 31822 310233092 0 0
bge1 1500 10.0.206/ 10.0.206.2 298348513 31822 310233092 0 0
bge1 1500 fe80::%bge1 fe80::213:72ff:fe 298348513 31822 310233092 0 0
bge2 1500 <Link> 00:13:72:3b:d5:34 266979910 100667 244796771 0 0
bge2 1500 2.3.1 2.3.1.71 266979910 100667 244796771 0 0
bge2 1500 fe80::%bge2 fe80::213:72ff:fe 266979910 100667 244796771 0 0
enc0* 0 <Link> 0 0 0 0 0
vlan27 1500 <Link> 00:13:72:3b:d5:33 10488977 0 8516499 0 0
vlan27 1500 fe80::%vlan fe80::213:72ff:fe 10488977 0 8516499 0 0
vlan27 1500 10.0.203. 10.0.203.2 10488977 0 8516499 0 0
vlan28 1500 <Link> 00:13:72:3b:d5:33 99426222 0 106252308 0 0
vlan28 1500 fe80::%vlan fe80::213:72ff:fe 99426222 0 106252308 0 0
vlan28 1500 10.0.203. 10.0.203.10 99426222 0 106252308 0 0
vlan29 1500 <Link> 00:13:72:3b:d5:33 4072981 0 3791557 0 0
vlan29 1500 fe80::%vlan fe80::213:72ff:fe 4072981 0 3791557 0 0
vlan29 1500 10.0.203. 10.0.203.18 4072981 0 3791557 0 0
vlan30 1500 <Link> 00:13:72:3b:d5:33 52304273 0 73214072 0 0
vlan30 1500 fe80::%vlan fe80::213:72ff:fe 52304273 0 73214072 0 0
vlan30 1500 10.0.203. 10.0.203.26 52304273 0 73214072 0 0
vlan31 1500 <Link> 00:13:72:3b:d5:33 6661250 0 6279377 0 0
vlan31 1500 fe80::%vlan fe80::213:72ff:fe 6661250 0 6279377 0 0
vlan31 1500 10.0.203. 10.0.203.34 6661250 0 6279377 0 0
vlan32 1500 <Link> 00:13:72:3b:d5:33 894006 0 423772 0 0
vlan32 1500 fe80::%vlan fe80::213:72ff:fe 894006 0 423772 0 0
vlan32 1500 10.0.203. 10.0.203.42 894006 0 423772 0 0
vlan33 1500 <Link> 00:13:72:3b:d5:33 659168 0 132639 0 0
vlan33 1500 fe80::%vlan fe80::213:72ff:fe 659168 0 132639 0 0
vlan33 1500 10.0.203. 10.0.203.50 659168 0 132639 0 0
vlan34 1500 <Link> 00:13:72:3b:d5:33 857089 0 286012 0 0
vlan34 1500 fe80::%vlan fe80::213:72ff:fe 857089 0 286012 0 0
vlan34 1500 10.0.203. 10.0.203.58 857089 0 286012 0 0
vlan35 1500 <Link> 00:13:72:3b:d5:33 607623 0 271835 0 0
vlan35 1500 fe80::%vlan fe80::213:72ff:fe 607623 0 271835 0 0
vlan35 1500 10.0.203. 10.0.203.66 607623 0 271835 0 0
pfsync0 1500 <Link> 3166312 0 11134279 0 0
pflog0 33200 <Link> 0 0 27868 0 0
carp1 1500 <Link> 00:00:5e:00:01:01 119812495 0 59821 1 0
carp1 1500 fe80::%carp fe80::200:5eff:fe 119812495 0 59821 1 0
carp1 1500 10.0.206/ 10.0.206.1 119812495 0 59821 1 0
carp10 1500 <Link> 00:00:5e:00:01:0a 6352265 0 59668 0 0
carp10 1500 fe80::%carp fe80::200:5eff:fe 6352265 0 59668 0 0
carp10 1500 2.3.1 2.3.1.79 6352265 0 59668 0 0
carp11 1500 <Link> 00:00:5e:00:01:0b 444795 0 59668 0 0
carp11 1500 fe80::%carp fe80::200:5eff:fe 444795 0 59668 0 0
carp11 1500 2.3.1 2.3.1.105 444795 0 59668 0 0
carp12 1500 <Link> 00:00:5e:00:01:0c 72192512 0 59668 0 0
carp12 1500 fe80::%carp fe80::200:5eff:fe 72192512 0 59668 0 0
carp12 1500 2.3.1 2.3.1.78 72192512 0 59668 0 0
carp13 1500 <Link> 00:00:5e:00:01:0d 104341 0 59668 0 0
carp13 1500 fe80::%carp fe80::200:5eff:fe 104341 0 59668 0 0
carp13 1500 2.3.1 2.3.1.106 104341 0 59668 0 0
carp14 1500 <Link> 00:00:5e:00:01:0e 3032192 0 59668 0 0
carp14 1500 fe80::%carp fe80::200:5eff:fe 3032192 0 59668 0 0
carp14 1500 2.3.1 2.3.1.77 3032192 0 59668 0 0
carp15 1500 <Link> 00:00:5e:00:01:0f 289109 0 59668 0 0
carp15 1500 fe80::%carp fe80::200:5eff:fe 289109 0 59668 0 0
carp15 1500 2.3.1 2.3.1.107 289109 0 59668 0 0
carp16 1500 <Link> 00:00:5e:00:01:10 370686 0 59668 0 0
carp16 1500 fe80::%carp fe80::200:5eff:fe 370686 0 59668 0 0
carp16 1500 2.3.1 2.3.1.108 370686 0 59668 0 0
carp17 1500 <Link> 00:00:5e:00:01:11 65999 0 59668 0 0
carp17 1500 fe80::%carp fe80::200:5eff:fe 65999 0 59668 0 0
carp17 1500 2.3.1 2.3.1.109 65999 0 59668 0 0
carp18 1500 <Link> 00:00:5e:00:01:12 38018 0 59668 0 0
carp18 1500 fe80::%carp fe80::200:5eff:fe 38018 0 59668 0 0
carp18 1500 2.3.1 2.3.1.110 38018 0 59668 0 0
carp19 1500 <Link> 00:00:5e:00:01:13 14188307 0 59668 0 0
carp19 1500 fe80::%carp fe80::200:5eff:fe 14188307 0 59668 0 0
carp19 1500 2.3.1 2.3.1.111 14188307 0 59668 0 0
carp2 1500 <Link> 00:00:5e:00:01:02 28658137 28648225 59667 0 0
carp2 1500 fe80::%carp fe80::200:5eff:fe 28658137 28648225 59667 0 0
carp2 1500 2.3.1 2.3.1.68 28658137 28648225 59667 0 0
carp20 1500 <Link> 00:00:5e:00:01:14 7676 0 59667 0 0
carp20 1500 fe80::%carp fe80::200:5eff:fe 7676 0 59667 0 0
carp20 1500 2.3.1 2.3.1.112 7676 0 59667 0 0
carp21 1500 <Link> 00:00:5e:00:01:15 15115 0 59667 0 0
carp21 1500 fe80::%carp fe80::200:5eff:fe 15115 0 59667 0 0
carp21 1500 2.3.1 2.3.1.113 15115 0 59667 0 0
carp22 1500 <Link> 00:00:5e:00:01:16 8051 0 59667 0 0
carp22 1500 fe80::%carp fe80::200:5eff:fe 8051 0 59667 0 0
carp22 1500 2.3.1 2.3.1.114 8051 0 59667 0 0
carp23 1500 <Link> 00:00:5e:00:01:17 7441 0 59668 0 0
carp23 1500 fe80::%carp fe80::200:5eff:fe 7441 0 59668 0 0
carp23 1500 2.3.1 2.3.1.115 7441 0 59668 0 0
carp24 1500 <Link> 00:00:5e:00:01:18 8506 0 59668 0 0
carp24 1500 fe80::%carp fe80::200:5eff:fe 8506 0 59668 0 0
carp24 1500 2.3.1 2.3.1.116 8506 0 59668 0 0
carp25 1500 <Link> 00:00:5e:00:01:19 6648635 0 59668 0 0
carp25 1500 fe80::%carp fe80::200:5eff:fe 6648635 0 59668 0 0
carp25 1500 2.3.1 2.3.1.117 6648635 0 59668 0 0
carp26 1500 <Link> 00:00:5e:00:01:1a 7061 0 59667 0 0
carp26 1500 fe80::%carp fe80::200:5eff:fe 7061 0 59667 0 0
carp26 1500 2.3.1 2.3.1.118 7061 0 59667 0 0
carp27 1500 <Link> 00:00:5e:00:01:1b 9889204 0 59668 1 0
carp27 1500 fe80::%carp fe80::200:5eff:fe 9889204 0 59668 1 0
carp27 1500 10.0.203. 10.0.203.1 9889204 0 59668 1 0
carp28 1500 <Link> 00:00:5e:00:01:1c 98826486 0 59668 1 0
carp28 1500 fe80::%carp fe80::200:5eff:fe 98826486 0 59668 1 0
carp28 1500 10.0.203. 10.0.203.9 98826486 0 59668 1 0
carp29 1500 <Link> 00:00:5e:00:01:1d 3472814 0 59668 1 0
carp29 1500 fe80::%carp fe80::200:5eff:fe 3472814 0 59668 1 0
carp29 1500 10.0.203. 10.0.203.17 3472814 0 59668 1 0
carp3 1500 <Link> 00:00:5e:00:01:03 104539961 0 59667 0 0
carp3 1500 fe80::%carp fe80::200:5eff:fe 104539961 0 59667 0 0
carp3 1500 2.3.1 2.3.1.80 104539961 0 59667 0 0
carp30 1500 <Link> 00:00:5e:00:01:1e 51704546 0 59668 1 0
carp30 1500 fe80::%carp fe80::200:5eff:fe 51704546 0 59668 1 0
carp30 1500 10.0.203. 10.0.203.25 51704546 0 59668 1 0
carp31 1500 <Link> 00:00:5e:00:01:1f 6061037 0 59668 1 0
carp31 1500 fe80::%carp fe80::200:5eff:fe 6061037 0 59668 1 0
carp31 1500 10.0.203. 10.0.203.33 6061037 0 59668 1 0
carp32 1500 <Link> 00:00:5e:00:01:20 293051 0 59668 1 0
carp32 1500 fe80::%carp fe80::200:5eff:fe 293051 0 59668 1 0
carp32 1500 10.0.203. 10.0.203.41 293051 0 59668 1 0
carp33 1500 <Link> 00:00:5e:00:01:21 59867 0 59668 1 0
carp33 1500 fe80::%carp fe80::200:5eff:fe 59867 0 59668 1 0
carp33 1500 10.0.203. 10.0.203.49 59867 0 59668 1 0
carp34 1500 <Link> 00:00:5e:00:01:22 256496 0 59668 1 0
carp34 1500 fe80::%carp fe80::200:5eff:fe 256496 0 59668 1 0
carp34 1500 10.0.203. 10.0.203.57 256496 0 59668 1 0
carp35 1500 <Link> 00:00:5e:00:01:23 291 0 59668 1 0
carp35 1500 fe80::%carp fe80::200:5eff:fe 291 0 59668 1 0
carp35 1500 10.0.203. 10.0.203.65 291 0 59668 1 0
carp4 1500 <Link> 00:00:5e:00:01:04 36971082 0 59668 0 0
carp4 1500 fe80::%carp fe80::200:5eff:fe 36971082 0 59668 0 0
carp4 1500 2.3.1 2.3.1.90 36971082 0 59668 0 0
carp5 1500 <Link> 00:00:5e:00:01:05 2972448 0 59716 0 0
carp5 1500 fe80::%carp fe80::200:5eff:fe 2972448 0 59716 0 0
carp5 1500 2.3.1 2.3.1.100 2972448 0 59716 0 0
carp6 1500 <Link> 00:00:5e:00:01:06 39288 0 59668 0 0
carp6 1500 fe80::%carp fe80::200:5eff:fe 39288 0 59668 0 0
carp6 1500 2.3.1 2.3.1.101 39288 0 59668 0 0
carp7 1500 <Link> 00:00:5e:00:01:07 93163 0 59668 0 0
carp7 1500 fe80::%carp fe80::200:5eff:fe 93163 0 59668 0 0
carp7 1500 2.3.1 2.3.1.102 93163 0 59668 0 0
carp8 1500 <Link> 00:00:5e:00:01:08 4335898 0 59668 0 0
carp8 1500 fe80::%carp fe80::200:5eff:fe 4335898 0 59668 0 0
carp8 1500 2.3.1 2.3.1.103 4335898 0 59668 0 0
carp9 1500 <Link> 00:00:5e:00:01:09 8166726 0 59668 0 0
carp9 1500 fe80::%carp fe80::200:5eff:fe 8166726 0 59668 0 0
carp9 1500 2.3.1 2.3.1.104 8166726 0 59668 0 0
Pestilence 02 netstat -in
Code:
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Colls
lo0 33200 <Link> 573 0 573 0 0
lo0 33200 127/8 127.0.0.1 573 0 573 0 0
lo0 33200 ::1/128 ::1 573 0 573 0 0
lo0 33200 fe80::%lo0/ fe80::1%lo0 573 0 573 0 0
bge0 1500 <Link> 00:10:18:14:8a:6a 11136634 1493 3169082 0 0
bge0 1500 192.168.1.2 192.168.1.2 11136634 1493 3169082 0 0
bge0 1500 fe80::%bge0 fe80::210:18ff:fe 11136634 1493 3169082 0 0
bge1 1500 <Link> 00:13:72:3b:ef:ac 10806962 10324 1165931 0 0
bge1 1500 10.0.206/ 10.0.206.3 10806962 10324 1165931 0 0
bge1 1500 fe80::%bge1 fe80::213:72ff:fe 10806962 10324 1165931 0 0
bge2 1500 <Link> 00:13:72:3b:ef:ad 6370099 8781 1959089 0 0
bge2 1500 2.3.1 2.3.1.72 6370099 8781 1959089 0 0
bge2 1500 fe80::%bge2 fe80::213:72ff:fe 6370099 8781 1959089 0 0
enc0* 0 <Link> 0 0 0 0 0
vlan27 1500 <Link> 00:13:72:3b:ef:ac 668513 0 28789 0 0
vlan27 1500 fe80::%vlan fe80::213:72ff:fe 668513 0 28789 0 0
vlan27 1500 10.0.203. 10.0.203.3 668513 0 28789 0 0
vlan28 1500 <Link> 00:13:72:3b:ef:ac 927735 0 19160 0 0
vlan28 1500 fe80::%vlan fe80::213:72ff:fe 927735 0 19160 0 0
vlan28 1500 10.0.203. 10.0.203.11 927735 0 19160 0 0
vlan29 1500 <Link> 00:13:72:3b:ef:ac 666241 0 1547 0 0
vlan29 1500 fe80::%vlan fe80::213:72ff:fe 666241 0 1547 0 0
vlan29 1500 10.0.203. 10.0.203.19 666241 0 1547 0 0
vlan30 1500 <Link> 00:13:72:3b:ef:ac 796837 0 3518 0 0
vlan30 1500 fe80::%vlan fe80::213:72ff:fe 796837 0 3518 0 0
vlan30 1500 10.0.203. 10.0.203.27 796837 0 3518 0 0
vlan31 1500 <Link> 00:13:72:3b:ef:ac 673431 0 259 0 0
vlan31 1500 fe80::%vlan fe80::213:72ff:fe 673431 0 259 0 0
vlan31 1500 10.0.203. 10.0.203.35 673431 0 259 0 0
vlan32 1500 <Link> 00:13:72:3b:ef:ac 661567 0 642 0 0
vlan32 1500 fe80::%vlan fe80::213:72ff:fe 661567 0 642 0 0
vlan32 1500 10.0.203. 10.0.203.43 661567 0 642 0 0
vlan33 1500 <Link> 00:13:72:3b:ef:ac 659115 0 228 0 0
vlan33 1500 fe80::%vlan fe80::213:72ff:fe 659115 0 228 0 0
vlan33 1500 10.0.203. 10.0.203.51 659115 0 228 0 0
vlan34 1500 <Link> 00:13:72:3b:ef:ac 660951 0 264 0 0
vlan34 1500 fe80::%vlan fe80::213:72ff:fe 660951 0 264 0 0
vlan34 1500 10.0.203. 10.0.203.59 660951 0 264 0 0
vlan35 1500 <Link> 00:13:72:3b:ef:ac 683065 0 640 0 0
vlan35 1500 fe80::%vlan fe80::213:72ff:fe 683065 0 640 0 0
vlan35 1500 10.0.203. 10.0.203.67 683065 0 640 0 0
pfsync0 1500 <Link> 11133633 0 3169064 0 0
pflog0 33200 <Link> 0 0 1720 0 0
carp1 1500 <Link> 00:00:5e:00:01:01 1741787 0 323 0 0
carp1 1500 fe80::%carp fe80::200:5eff:fe 1741787 0 323 0 0
carp1 1500 10.0.206/ 10.0.206.1 1741787 0 323 0 0
carp10 1500 <Link> 00:00:5e:00:01:0a 1491882 0 7 0 0
carp10 1500 fe80::%carp fe80::200:5eff:fe 1491882 0 7 0 0
carp10 1500 2.3.1 2.3.1.79 1491882 0 7 0 0
carp11 1500 <Link> 00:00:5e:00:01:0b 1491785 0 7 0 0
carp11 1500 fe80::%carp fe80::200:5eff:fe 1491785 0 7 0 0
carp11 1500 2.3.1 2.3.1.105 1491785 0 7 0 0
carp12 1500 <Link> 00:00:5e:00:01:0c 1493783 0 7 0 0
carp12 1500 fe80::%carp fe80::200:5eff:fe 1493783 0 7 0 0
carp12 1500 2.3.1 2.3.1.78 1493783 0 7 0 0
carp13 1500 <Link> 00:00:5e:00:01:0d 1491596 0 7 0 0
carp13 1500 fe80::%carp fe80::200:5eff:fe 1491596 0 7 0 0
carp13 1500 2.3.1 2.3.1.106 1491596 0 7 0 0
carp14 1500 <Link> 00:00:5e:00:01:0e 1490483 0 8 0 0
carp14 1500 fe80::%carp fe80::200:5eff:fe 1490483 0 8 0 0
carp14 1500 2.3.1 2.3.1.77 1490483 0 8 0 0
carp15 1500 <Link> 00:00:5e:00:01:0f 1488409 0 8 0 0
carp15 1500 fe80::%carp fe80::200:5eff:fe 1488409 0 8 0 0
carp15 1500 2.3.1 2.3.1.107 1488409 0 8 0 0
carp16 1500 <Link> 00:00:5e:00:01:10 1485941 0 73 0 0
carp16 1500 fe80::%carp fe80::200:5eff:fe 1485941 0 73 0 0
carp16 1500 2.3.1 2.3.1.108 1485941 0 73 0 0
carp17 1500 <Link> 00:00:5e:00:01:11 1491781 0 7 0 0
carp17 1500 fe80::%carp fe80::200:5eff:fe 1491781 0 7 0 0
carp17 1500 2.3.1 2.3.1.109 1491781 0 7 0 0
carp18 1500 <Link> 00:00:5e:00:01:12 1491780 0 7 0 0
carp18 1500 fe80::%carp fe80::200:5eff:fe 1491780 0 7 0 0
carp18 1500 2.3.1 2.3.1.110 1491780 0 7 0 0
carp19 1500 <Link> 00:00:5e:00:01:13 1491777 0 7 0 0
carp19 1500 fe80::%carp fe80::200:5eff:fe 1491777 0 7 0 0
carp19 1500 2.3.1 2.3.1.111 1491777 0 7 0 0
carp2 1500 <Link> 00:00:5e:00:01:02 30145517 28653784 11 0 0
carp2 1500 fe80::%carp fe80::200:5eff:fe 30145517 28653784 11 0 0
carp2 1500 2.3.1 2.3.1.68 30145517 28653784 11 0 0
carp20 1500 <Link> 00:00:5e:00:01:14 1491876 125 11 0 0
carp20 1500 fe80::%carp fe80::200:5eff:fe 1491876 125 11 0 0
carp20 1500 2.3.1 2.3.1.112 1491876 125 11 0 0
carp21 1500 <Link> 00:00:5e:00:01:15 1491750 0 11 0 0
carp21 1500 fe80::%carp fe80::200:5eff:fe 1491750 0 11 0 0
carp21 1500 2.3.1 2.3.1.113 1491750 0 11 0 0
carp22 1500 <Link> 00:00:5e:00:01:16 1491750 0 11 0 0
carp22 1500 fe80::%carp fe80::200:5eff:fe 1491750 0 11 0 0
carp22 1500 2.3.1 2.3.1.114 1491750 0 11 0 0
carp23 1500 <Link> 00:00:5e:00:01:17 1491778 0 8 0 0
carp23 1500 fe80::%carp fe80::200:5eff:fe 1491778 0 8 0 0
carp23 1500 2.3.1 2.3.1.115 1491778 0 8 0 0
carp24 1500 <Link> 00:00:5e:00:01:18 1491701 0 9 0 0
carp24 1500 fe80::%carp fe80::200:5eff:fe 1491701 0 9 0 0
carp24 1500 2.3.1 2.3.1.116 1491701 0 9 0 0
carp25 1500 <Link> 00:00:5e:00:01:19 1502788 0 243 0 0
carp25 1500 fe80::%carp fe80::200:5eff:fe 1502788 0 243 0 0
carp25 1500 2.3.1 2.3.1.117 1502788 0 243 0 0
carp26 1500 <Link> 00:00:5e:00:01:1a 1491750 0 11 0 0
carp26 1500 fe80::%carp fe80::200:5eff:fe 1491750 0 11 0 0
carp26 1500 2.3.1 2.3.1.118 1491750 0 11 0 0
carp27 1500 <Link> 00:00:5e:00:01:1b 68083 0 157 0 0
carp27 1500 fe80::%carp fe80::200:5eff:fe 68083 0 157 0 0
carp27 1500 10.0.203. 10.0.203.1 68083 0 157 0 0
carp28 1500 <Link> 00:00:5e:00:01:1c 317867 0 159 0 0
carp28 1500 fe80::%carp fe80::200:5eff:fe 317867 0 159 0 0
carp28 1500 10.0.203. 10.0.203.9 317867 0 159 0 0
carp29 1500 <Link> 00:00:5e:00:01:1d 65544 0 172 0 0
carp29 1500 fe80::%carp fe80::200:5eff:fe 65544 0 172 0 0
carp29 1500 10.0.203. 10.0.203.17 65544 0 172 0 0
carp3 1500 <Link> 00:00:5e:00:01:03 1496445 0 11 0 0
carp3 1500 fe80::%carp fe80::200:5eff:fe 1496445 0 11 0 0
carp3 1500 2.3.1 2.3.1.80 1496445 0 11 0 0
carp30 1500 <Link> 00:00:5e:00:01:1e 193478 0 153 0 0
carp30 1500 fe80::%carp fe80::200:5eff:fe 193478 0 153 0 0
carp30 1500 10.0.203. 10.0.203.25 193478 0 153 0 0
carp31 1500 <Link> 00:00:5e:00:01:1f 72692 0 157 0 0
carp31 1500 fe80::%carp fe80::200:5eff:fe 72692 0 157 0 0
carp31 1500 10.0.203. 10.0.203.33 72692 0 157 0 0
carp32 1500 <Link> 00:00:5e:00:01:20 60015 0 298 0 0
carp32 1500 fe80::%carp fe80::200:5eff:fe 60015 0 298 0 0
carp32 1500 10.0.203. 10.0.203.41 60015 0 298 0 0
carp33 1500 <Link> 00:00:5e:00:01:21 59381 0 157 0 0
carp33 1500 fe80::%carp fe80::200:5eff:fe 59381 0 157 0 0
carp33 1500 10.0.203. 10.0.203.49 59381 0 157 0 0
carp34 1500 <Link> 00:00:5e:00:01:22 59965 0 150 0 0
carp34 1500 fe80::%carp fe80::200:5eff:fe 59965 0 150 0 0
carp34 1500 10.0.203. 10.0.203.57 59965 0 150 0 0
carp35 1500 <Link> 00:00:5e:00:01:23 59102 0 298 0 0
carp35 1500 fe80::%carp fe80::200:5eff:fe 59102 0 298 0 0
carp35 1500 10.0.203. 10.0.203.65 59102 0 298 0 0
carp4 1500 <Link> 00:00:5e:00:01:04 1551412 0 85 0 0
carp4 1500 fe80::%carp fe80::200:5eff:fe 1551412 0 85 0 0
carp4 1500 2.3.1 2.3.1.90 1551412 0 85 0 0
carp5 1500 <Link> 00:00:5e:00:01:05 1850600 0 75 0 0
carp5 1500 fe80::%carp fe80::200:5eff:fe 1850600 0 75 0 0
carp5 1500 2.3.1 2.3.1.100 1850600 0 75 0 0
carp6 1500 <Link> 00:00:5e:00:01:06 1481788 0 119 0 0
carp6 1500 fe80::%carp fe80::200:5eff:fe 1481788 0 119 0 0
carp6 1500 2.3.1 2.3.1.101 1481788 0 119 0 0
carp7 1500 <Link> 00:00:5e:00:01:07 1481614 0 152 0 0
carp7 1500 fe80::%carp fe80::200:5eff:fe 1481614 0 152 0 0
carp7 1500 2.3.1 2.3.1.102 1481614 0 152 0 0
carp8 1500 <Link> 00:00:5e:00:01:08 1707366 0 156 0 0
carp8 1500 fe80::%carp fe80::200:5eff:fe 1707366 0 156 0 0
carp8 1500 2.3.1 2.3.1.103 1707366 0 156 0 0
carp9 1500 <Link> 00:00:5e:00:01:09 1513065 0 200 0 0
carp9 1500 fe80::%carp fe80::200:5eff:fe 1513065 0 200 0 0
carp9 1500 2.3.1 2.3.1.104 1513065 0 200 0 0
Pestilence01 – netstat –ss
Code:
ip:
639036250 total packets received
62111877 packets for this host
1771 packets for unknown/unsupported protocol
551265989 packets forwarded
31670 packets not forwardable
1446102 packets sent from this host
200417 output datagrams fragmented
200417 fragments created
153 datagrams with bad address in header
639035482 input datagrams checksum-processed by hardware
564047216 output datagrams checksum-processed by hardware
2496996 multicast packets which we don't join
icmp:
61828 calls to icmp_error
Output packet histogram:
echo reply: 1006454
destination unreachable: 57103
time exceeded: 549
time stamp reply: 264
1 message with bad length
Input packet histogram:
echo reply: 95
destination unreachable: 959
routing redirect: 2
echo: 1006454
time exceeded: 454
time stamp: 264
address mask request: 264
1006718 message responses generated
igmp:
ipencap:
tcp:
145924 packets sent
67537 data packets (36528496 bytes)
488 data packets (603745 bytes) retransmitted
55354 ack-only packets (83977 delayed)
3618 window update packets
18927 control packets
434832 packets received
87300 acks (for 36215923 bytes)
13735 duplicate acks
98477 packets (23842484 bytes) received in-sequence
172 completely duplicate packets (12041 bytes)
3 packets with some duplicate data (192 bytes duplicated)
2423 out-of-order packets (284088 bytes)
136 window update packets
21 packets received after close
873 discarded for bad checksums
433422 packets hardware-checksummed
3408 connection requests
13904 connection accepts
14008 connections established (including accepts)
18028 connections closed (including 707 drops)
15 embryonic connections dropped
86600 segments updated rtt (of 75159 attempts)
2107 retransmit timeouts
7 connections dropped by rexmit timeout
9 keepalive timeouts
9 keepalive probes sent
2986 correct ACK header predictions
45772 correct data packet header predictions
299465 PCB cache misses
cwr by fastrecovery: 129
cwr by timeout: 2107
87 bad connection attempts
15302 SYN cache entries added
13904 completed
28 timed out
1370 dropped due to RST
166 SYN,ACKs retransmitted
36 duplicate SYNs received for entries already in the cache
129 SACK recovery episodes
252 segment rexmits in SACK recovery episodes
308742 byte rexmits in SACK recovery episodes
1137 SACK options received
336 SACK options sent
udp:
172079 datagrams received
115 with no checksum
171949 input packets hardware-checksummed
37425 dropped due to no socket
118000 broadcast/multicast datagrams dropped due to no socket
437 dropped due to full socket buffers
16217 delivered
15809 datagrams output
37979 missed PCB cache
esp:
ah:
etherip:
ipcomp:
carp:
57331672 packets received (IPv4)
28651650 discarded for bad authentication
28651525 discarded for unknown vhid
2088619 packets sent (IPv4)
35 transitions to master
pfsync:
3166573 packets received (IPv4)
57793 stale states
40786 failed state lookup/inserts
11135591 packets sent (IPv4)
divert:
pflow:
ip6:
43828 total packets received
377 packets sent from this host
Input packet histogram:
UDP: 43828
Mbuf statistics:
43828 one ext mbufs
source addresses on an outgoing I/F
35 link-locals
source addresses of same scope
35 link-locals
divert6:
icmp6:
Output packet histogram:
multicast listener report: 330
neighbor solicitation: 12
neighbor advertisement: 35
Histogram of error messages to be generated:
pim6:
rip6:
Pestilence02 – netstat –ss
Code:
ip:
136548635 total packets received
106698935 packets for this host
69 packets for unknown/unsupported protocol
2799500 packets forwarded
13449 packets not forwardable
316806 packets sent from this host
1418 output datagrams fragmented
1418 fragments created
817 datagrams with bad address in header
136547245 input datagrams checksum-processed by hardware
6286271 output datagrams checksum-processed by hardware
15585652 multicast packets which we don't join
icmp:
8578 calls to icmp_error
Output packet histogram:
echo reply: 86337
destination unreachable: 6848
time stamp reply: 9
Input packet histogram:
echo reply: 3
destination unreachable: 47
echo: 86337
time exceeded: 10
time stamp: 9
address mask request: 9
86346 message responses generated
igmp:
ipencap:
tcp:
63770 packets sent
34097 data packets (10395930 bytes)
136 data packets (61045 bytes) retransmitted
23843 ack-only packets (40448 delayed)
14 window update packets
5680 control packets
230253 packets received
42205 acks (for 10347655 bytes)
5544 duplicate acks
45514 packets (3261240 bytes) received in-sequence
171 completely duplicate packets (7560 bytes)
1 old duplicate packet
9 packets with some duplicate data (728 bytes duplicated)
575 out-of-order packets (8568 bytes)
64 window update packets
40 discarded for bad checksums
229670 packets hardware-checksummed
37 connection requests
5548 connection accepts
5564 connections established (including accepts)
6298 connections closed (including 25 drops)
18 embryonic connections dropped
41002 segments updated rtt (of 35641 attempts)
218 retransmit timeouts
8 connections dropped by rexmit timeout
9 keepalive timeouts
9 keepalive probes sent
219 correct ACK header predictions
16803 correct data packet header predictions
170664 PCB cache misses
cwr by fastrecovery: 17
cwr by timeout: 218
170 bad connection attempts
6774 SYN cache entries added
5548 completed
22 timed out
1204 dropped due to RST
122 SYN,ACKs retransmitted
27 duplicate SYNs received for entries already in the cache
17 SACK recovery episodes
96 segment rexmits in SACK recovery episodes
51984 byte rexmits in SACK recovery episodes
511 SACK options received
163 SACK options sent
udp:
130271 datagrams received
3 with no checksum
130252 input packets hardware-checksummed
2945 dropped due to no socket
118018 broadcast/multicast datagrams dropped due to no socket
35 dropped due to full socket buffers
9273 delivered
9263 datagrams output
3187 missed PCB cache
esp:
ah:
etherip:
ipcomp:
carp:
95118150 packets received (IPv4)
28654734 discarded for bad authentication
28654619 discarded for unknown vhid
3268 packets sent (IPv4)
1158 transitions to master
pfsync:
11133915 packets received (IPv4)
2 states discarded for bad values
44339 stale states
84527 failed state lookup/inserts
3169127 packets sent (IPv4)
divert:
pflow:
ip6:
43828 total packets received
1500 packets sent from this host
Input packet histogram:
UDP: 43828
Mbuf statistics:
43828 one ext mbufs
source addresses on an outgoing I/F
1158 link-locals
source addresses of same scope
1158 link-locals
divert6:
icmp6:
Output packet histogram:
multicast listener report: 330
neighbor solicitation: 12
neighbor advertisement: 1158
Histogram of error messages to be generated:
pim6:
rip6:
#
Pf.conf (identical on both machines)
Code:
ext_if="bge2"
int_if="bge1"
pfsync_if="bge0"
vlan27_if="vlan27"
vlan28_if="vlan28"
vlan29_if="vlan29"
vlan30_if="vlan30"
vlan31_if="vlan31"
vlan32_if="vlan32"
vlan33_if="vlan33"
vlan34_if="vlan34"
vlan35_if="vlan35"
icmp_types="echoreq"
ssh_ports="{ 22, 443, 80, 5455 }"
http_ports="{ 80, 443 }"
http_only="{ 80 }"
prod_int="10.0.206.0/24"
corp_int="10.0.207.0/24"
corp_dmz="7.8.9.216/29"
prod_dmz="2.3.1.64/26"
vlan_net="10.0.203.0/24"
vlan27_net="10.0.203.0/29"
vlan28_net="10.0.203.8/29"
vlan29_net="10.0.203.16/29"
vlan30_net="10.0.203.24/29"
vlan31_net="10.0.203.32/29"
vlan32_net="10.0.203.40/29"
vlan33_net="10.0.203.48/29"
vlan34_net="10.0.203.56/29"
vlan35_net="10.0.203.64/28"
gate_priv="10.0.206.1"
vpn_pptp="2.3.1.90"
elijah="10.0.206.240"
openvpn="10.0.206.241"
web_corp="2.3.1.100"
web_portal="2.3.1.100"
web_portal1="2.3.1.101"
web_portal2="2.3.1.102"
web_portal3="2.3.1.103"
web_portal4="2.3.1.104"
web_portal5="2.3.1.105"
web_portal6="2.3.1.106"
web_portal7="2.3.1.107"
web_portal8="2.3.1.108"
web_portal9="2.3.1.110"
mail_mx01="2.3.1.111"
db_01="10.0.206.201"
db_02="10.0.206.202"
db_03="10.0.206.204"
db_04="10.0.207.205"
file_repgen="10.0.206.209"
partners_web_prod="2.3.1.109"
partners_web_stage="10.0.203.53"
prodweb_stage="10.0.206.41"
prodweb_prod="10.0.206.42"
prodwebstage="10.0.206.205"
prodwebprod="10.0.206.44"
prodwebapi="10.0.206.45"
prodwebtrain="10.0.206.46"
prodweb_cust01="10.0.206.47"
prodweb_cust02="10.0.206.48"
prodweb_cust03="10.0.206.49"
prodmail_mx01="10.0.206.31"
vlan_blogs="10.0.203.61"
proj01_web_prod="10.0.203.45"
psweb_portal="2.3.1.105"
psprodweb="10.0.206.204"
prod_update_ssh="2.3.1.117"
svvpn_ssh="2.3.1.77"
psvpn_ssh="2.3.1.78"
adsvpn_ssh="2.3.1.79"
vpn_ssh="2.3.1.80"
controller="10.0.203.13"
adscontroller="10.0.203.37"
pscontroller="10.0.203.29"
svcontroller="10.0.203.21"
table <BLOCKPERM> counters file "/etc/pf_block_permanent"
set skip on lo
set skip on bge0
set fingerprints "/etc/pf.os"
set block-policy drop
set loginterface $ext_if
set debug urgent
set reassemble yes
set require-order yes
set state-policy if-bound
set ruleset-optimization none
antispoof log quick for { $int_if ($ext_if) }
# quiet the log from HISNA cisco interface
block quick on $ext_if inet proto udp from { 2.3.1.67 2.3.1.66 } port 1985 to 224.0.0.2 port 1985
block quick on $ext_if inet proto tcp from <BLOCKPERM> to any
block quick inet6
block in quick on $ext_if inet from any to 255.255.255.255
anchor "ftp-proxy/*"
# NAT-ING
pass out on $ext_if from !($ext_if) to any nat-to ($ext_if:0)
pass out on $ext_if from $controller to any nat-to $vpn_ssh
pass out on $ext_if from $svcontroller to any nat-to $svvpn_ssh
pass out on $ext_if from $elijah to any nat-to $vpn_pptp
pass out on $ext_if from $openvpn to any nat-to $vpn_pptp
pass out on $ext_if from $adscontroller to any nat-to $adsvpn_ssh
pass out on $ext_if from $prodmail_mx01 to any nat-to $mail_mx01
pass out on $ext_if from $vlan_blogs to any nat-to $web_portal7
pass in inet proto tcp from $vlan_net to !$prod_int port 80 rdr-to 127.0.0.1 port 3128 keep state
match on $ext_if all scrub (random-id min-ttl 64 set-tos lowdelay reassemble tcp max-mss 1472)
pass in log on $int_if inet proto tcp from $int_if:network to !$int_if port ftp flags S/SAFR modulate state rdr-to lo0 port 8021
block out log on $ext_if inet from $vlan_net to any
block out log on $int_if inet from $vlan_net to any
pass out on $int_if proto udp from $vlan_net to { 10.0.206.11 10.0.206.12 } port 53
pass out on $int_if proto tcp from $vlan_net to { $prodmail_mx01 } port 25
pass quick on $pfsync_if proto pfsync keep state (no-sync)
pass on { $ext_if $int_if } proto carp keep state
pass in on $ext_if inet proto tcp from any to $mail_mx01 port 25 rdr-to $prodmail_mx01 port 25
pass in on $ext_if inet proto tcp from any to $mail_mx01 port 465 rdr-to $prodmail_mx01 port 465
pass in on $ext_if inet proto tcp from 7.8.9.216/29 to $mail_mx01 port 80 rdr-to $prodmail_mx01 port 80
pass in on $ext_if inet proto tcp from 7.8.9.216/29 to $mail_mx01 port 443 rdr-to $prodmail_mx01 port 443
pass in on $ext_if inet proto tcp from 205.144.48.0/20 to $adsvpn_ssh port 22 rdr-to $adscontroller port 22
pass in on $ext_if inet proto tcp from { $corp_dmz $prod_dmz } to $adsvpn_ssh port 443 rdr-to $adscontroller port 443
pass in on $ext_if inet proto tcp from { $corp_dmz $prod_dmz } to $adsvpn_ssh port 22 rdr-to $adscontroller port 22
pass in on $ext_if inet proto tcp from { 63.123.254.0/25 7.8.9.216/29 } to $adsvpn_ssh port 10443 rdr-to $adscontroller port 10443
pass in on $ext_if inet proto tcp from any to $web_portal7 port 10022 rdr-to $vlan_blogs port 22 keep state
pass in on $ext_if inet proto tcp from any to $web_portal7 port 80 rdr-to $vlan_blogs port 80 keep state
pass out on { $vlan34_if $int_if } inet proto tcp from $vlan_blogs to 10.0.206.10 port 445 keep state
pass out on { $vlan34_if $ext_if } inet proto tcp from $vlan_blogs to 7.8.9.220 port 995 keep state
pass in on $ext_if inet proto tcp from $corp_dmz to $web_portal8 port 22 rdr-to $proj01_web_prod port 22
pass in on $ext_if inet proto tcp from 205.174.165.0/24 to $web_portal8 port 22 rdr-to $proj01_web_prod port 22
pass in on $ext_if inet proto tcp from 81.145.41.160/27 to $web_portal8 port 22 rdr-to $proj01_web_prod port 22
pass in on $ext_if inet proto tcp from any to $web_portal8 port 10022 rdr-to $proj01_web_prod port 22
pass in on $ext_if inet proto tcp from any to $web_portal8 port 80 rdr-to $proj01_web_prod port 80
pass in on $ext_if inet proto tcp from any to $web_portal8 port 443 rdr-to $proj01_web_prod port 443
pass in on $ext_if inet proto tcp from any to $partners_web_prod port 10022 rdr-to $partners_web_stage port 22 keep state
pass in on $ext_if inet proto tcp from any to $partners_web_prod port 80 rdr-to $partners_web_stage port 80 keep state
pass in on $ext_if inet proto tcp from any to $psvpn_ssh port $ssh_ports rdr-to $pscontroller port 22
pass in on $ext_if inet proto tcp from any to $web_portal5 port 80 rdr-to $prodweb_cust02 port 80
pass in on $ext_if inet proto tcp from any to $web_portal5 port 443 rdr-to $prodweb_cust02 port 443
pass in on $ext_if inet proto tcp from any to $web_portal9 port 80 rdr-to $prodweb_cust03 port 80
pass in on $ext_if inet proto tcp from any to $web_portal9 port 443 rdr-to $prodweb_cust03 port 443
pass in on $ext_if inet proto tcp from any to $web_portal port 80 rdr-to $prodweb_prod port 80
pass in on $ext_if inet proto tcp from any to $web_portal port 443 rdr-to $prodweb_prod port 443
pass in on $ext_if inet proto tcp from any to $web_portal1 port 80 rdr-to $prodwebstage port 80
pass in on $ext_if inet proto tcp from any to $web_portal1 port 443 rdr-to $prodwebstage port 443
pass in on $ext_if inet proto tcp from any to $web_portal4 port 443 rdr-to $prodwebapi port 443
pass in on $ext_if inet proto tcp from any to $web_portal4 port 80 rdr-to $prodwebapi port 80
pass in on $ext_if inet proto tcp from any to $web_portal2 port 443 rdr-to $prodwebtrain port 443
pass in on $ext_if inet proto tcp from any to $web_portal2 port 80 rdr-to $prodwebtrain port 80
pass in on $ext_if inet proto tcp from any to $svvpn_ssh port $ssh_ports rdr-to $svcontroller port 22
pass in on $ext_if inet proto tcp from any to $web_portal6 port 80 rdr-to $prodweb_cust01 port 80
pass in on $ext_if inet proto tcp from any to $web_portal6 port 443 rdr-to $prodweb_cust01 port 443
pass in on $ext_if inet proto tcp from any to $web_portal3 port 80 rdr-to $prodwebprod port 80
pass in on $ext_if inet proto tcp from any to $web_portal3 port 443 rdr-to $prodwebprod port 443
pass in on $ext_if inet proto tcp from 7.8.9.216/29 to $vpn_pptp port 1723 rdr-to $elijah port 1723
pass in on $ext_if inet proto udp from 7.8.9.216/29 to $vpn_pptp port 1194 rdr-to $openvpn port 1194
pass in on $ext_if proto gre from 7.8.9.216/29 to $vpn_pptp rdr-to $elijah
pass in on $ext_if inet proto tcp from any to $vpn_ssh port $ssh_ports rdr-to $controller port 22
pass in on $ext_if inet proto tcp from any to $prod_update_ssh port $ssh_ports rdr-to 10.0.203.5 port 22 keep state
pass in on $int_if inet proto tcp from any to $prod_int port 22 rdr-to $vlan27_net port 22 keep state
pass in on $int_if inet proto tcp from 10.8.1.2 to $vlan27_net keep state
pass out on { $vlan27_if $int_if } inet proto tcp from $vlan27_net to $db_01 port 1433 keep state
pass out on { $vlan35_if $int_if } inet proto tcp from $vlan35_net to $db_01 port 1433 keep state
pass out on { $vlan35_if $int_if } inet proto tcp from $vlan35_net to $db_03 port 1433 keep state
pass out on { $vlan35_if $int_if } inet proto tcp from $vlan35_net to $db_02 port 1433 keep state
pass out on { $vlan35_if $int_if } inet proto tcp from $vlan35_net to $db_04 port 1433 keep state
pass out on { $vlan35_if $int_if } inet from $vlan35_net to { 10.0.206.11 10.0.206.12 } keep state
pass out on { $vlan35_if $int_if } inet from $vlan35_net to $file_repgen keep state
pass in on $int_if inet proto tcp from 10.8.1.2 to $vlan35_net keep state
pass in quick on $int_if inet proto tcp from $prod_int to any port 22 keep state
pass in quick inet proto icmp all icmp-type $icmp_types keep state