am new to openbsd, but using it on our business server.
I have been using systat, pfctl, tcpdump and other tools to monitor
server logs as well as the apache logs.
following the following command
"sudo tcpdump -ttt -r /var/log/pflog port 22 |less"
if found one entry which puzzled me
"mar 31 14:33:44.484756 xxx.xxx.xxx.xxx:22 >xxx.xxx.xxx.xxx:80
R 0:0(0) ack 1 win 0(pf)"
i read this as ip xxx.xxx.xxx.xxx:22 connected to our webserver xxx.xxx.xxx.xxx:80
what made me curious was the :22 of the connecting machine. Does this mean that
the user or robot as xxx.xxx.xxx.xxx:22 simply was outgoing from their machine on
port 22 to my server at port 80???????????
we were curious because we block all p22 traffic from anywhere except our internal
what does R 0:0(0) ack 1 win 0(pf) mean ?????
yes have read man page for tcpdump (don't mind be pointed to more
neewbie docs that would help w/this)
any help appreciated
|Thread||Thread Starter||Forum||Replies||Last Post|
|Understanding and Community||Ninguem||Off-Topic||4||31st March 2012 01:22 AM|
|Help needed with understanding PF rules||sparky||OpenBSD Security||7||26th March 2012 09:07 PM|
|Understanding Fdisk, Slice, and the MBR (Master Boot Record)||FBSD||Guides||1||20th February 2010 08:33 PM|
|i would like to know about tcpdump||chamnanpol||FreeBSD General||8||17th September 2008 11:00 AM|
|Understanding the FreeBSD kernel||TomAmundsen||FreeBSD General||3||7th July 2008 02:48 PM|