Subject: RE: ippl?
To: 'xl' <netbsd-help@netbsd.org>
From: Michael D. Spence <spence@panix.com>
List: netbsd-help
Date: 01/30/2003 15:27:17
> -----Original Message-----
> From: netbsd-help-owner@netbsd.org
> [mailto:netbsd-help-owner@netbsd.org]On Behalf Of xl
> Sent: Thursday, January 30, 2003 2:56 PM
> To: netbsd-help@netbsd.org
> Subject: Re: ippl?
> 
> 
> > Re. http://mail-index.netbsd.org/netbsd-help/2003/01/29/0002.html
> >
> > Have you looked at tcpdump(8)?  What doesn't it do that the GNU/LINUX ippl
> > does?
> Well, tcpdump has a different goal. ippl (linux) logs every connection
> attempt udp/tcp (syn) to syslog. This makes it possible for me to see if
> someone scanned my box, how many connections to service xy were initiated.
> Very useful. I'm looking for a tool which does the same for NetBSD. Does
> anyone know one?

tcpdump "tcp[tcpflags] & (tcp-syn|tcp-fin) != 0"

lets me log packets with Syn and Fin flags.
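
Added example, not part of the original message: a small Python summarizer for the per-source connection counts and scan detection asked about in the quoted question, run over captured tcpdump text. It assumes the line layout printed by current tcpdump with -n ("IP src.port > dst.port: Flags [...]"); the sample lines, the function names and the four-port threshold are constructed for illustration. Because the filter above also passes SYN-ACK and FIN packets, only SYNs without ACK are counted as connection attempts.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n` output (documentation addresses, not real traffic).
SAMPLE = """\
15:27:01.000001 IP 192.0.2.10.40112 > 198.51.100.5.22: Flags [S], seq 1000, win 65535, length 0
15:27:01.000050 IP 198.51.100.5.22 > 192.0.2.10.40112: Flags [S.], seq 2000, ack 1001, win 65535, length 0
15:27:09.500000 IP 192.0.2.10.40113 > 198.51.100.5.22: Flags [S], seq 1100, win 65535, length 0
15:27:10.000000 IP 203.0.113.7.51000 > 198.51.100.5.21: Flags [S], seq 1, win 1024, length 0
15:27:10.000100 IP 203.0.113.7.51000 > 198.51.100.5.22: Flags [S], seq 1, win 1024, length 0
15:27:10.000200 IP 203.0.113.7.51000 > 198.51.100.5.23: Flags [S], seq 1, win 1024, length 0
15:27:10.000300 IP 203.0.113.7.51000 > 198.51.100.5.25: Flags [S], seq 1, win 1024, length 0
15:27:10.000400 IP 203.0.113.7.51000 > 198.51.100.5.80: Flags [SEW], seq 1, win 1024, length 0
15:27:12.000000 IP 198.51.100.5.22 > 192.0.2.10.40112: Flags [F.], seq 2500, ack 1500, win 65535, length 0
"""

LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"\d+\.\d+\.\d+\.\d+\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def connection_attempts(text):
    """Return {source address: {destination port: number of initial SYNs}}."""
    attempts = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        flags = m.group("flags")
        # tcpdump prints "." for ACK: an initial SYN has S and no ".",
        # which excludes SYN-ACK ([S.]) and FIN-ACK ([F.]) replies.
        if "S" in flags and "." not in flags:
            attempts[m.group("src")][int(m.group("dport"))] += 1
    return {src: dict(ports) for src, ports in attempts.items()}

def likely_scanners(attempts, min_ports=4):
    """Sources that sent initial SYNs to at least min_ports distinct ports."""
    return sorted(s for s, ports in attempts.items() if len(ports) >= min_ports)

if __name__ == "__main__":
    seen = connection_attempts(SAMPLE)
    for src, ports in sorted(seen.items()):
        detail = ", ".join(f"port {p}: {n}" for p, n in sorted(ports.items()))
        print(f"{src}  {detail}")
    print("possible scanners:", likely_scanners(seen))
```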