On Dec 28, 2022, at 6:21 AM, Dan Mack <m...@macktronics.com> wrote:
> 
> I'm wondering if anyone can help point me at a good way to continuously
> capture every inbound and outbound connection made to a FreeBSD system. I'd
> prefer a way that is native in base if possible. I don't really want to
> record all the packets, just the src:dest:rport:dport stats.

I'd build a simple program using pcap(3), and compile a bpf program
using pcap_compile and then do pcap_setfilter to capture just the
packets I want. Then save the desired fields from captured packets
(and use a hashtable if just {src,dst}{ip,port} are wanted). There
are online examples one can start from.

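A sketch of the approach described in the reply, as an added example that is not code from either poster: a bounds-checked frame parser feeding a small hash table of unique {src,dst}{ip,port} tuples, wired to pcap_compile/pcap_setfilter when built with libpcap. The SYN-only filter, the `USE_PCAP` build macro, the file name `conns.c` and the interface `em0` are assumptions; it handles IPv4 TCP over Ethernet only.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef USE_PCAP            /* live capture build: cc -DUSE_PCAP conns.c -lpcap */
#include <pcap.h>
#endif
/* Match only connection-opening SYNs: one packet per IPv4 TCP connection attempt. */
#define FILTER "tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn"
#define SLOTS 4096         /* power of two; open addressing with linear probing */
struct conn { uint32_t src, dst; uint16_t sport, dport; uint8_t used; };
static struct conn table[SLOTS];

/* Returns 1 if the tuple is new, 0 if already seen (or the table is full). */
int record(uint32_t s, uint32_t d, uint16_t sp, uint16_t dp) {
    uint32_t h = (s * 2654435761u) ^ (d * 40503u) ^ ((uint32_t)sp << 16 | dp);
    for (unsigned i = 0; i < SLOTS; i++) {
        struct conn *c = &table[(h + i) & (SLOTS - 1)];
        if (!c->used) { *c = (struct conn){ s, d, sp, dp, 1 }; return 1; }
        if (c->src == s && c->dst == d && c->sport == sp && c->dport == dp) return 0;
    }
    return 0;
}

/* Bounds-checked Ethernet/IPv4/TCP parse: 1 = new tuple, 0 = seen, -1 = not parsed. */
int on_frame(const uint8_t *p, size_t caplen) {
    if (caplen < 34 || p[12] != 0x08 || p[13] != 0x00) return -1;   /* not IPv4 */
    const uint8_t *ip = p + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;        /* IP header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6 || caplen < 14 + ihl + 4) return -1;
    const uint8_t *t = ip + ihl;                    /* TCP header: ports come first */
    uint16_t sp = (uint16_t)(t[0] << 8 | t[1]), dp = (uint16_t)(t[2] << 8 | t[3]);
    uint32_t s, d;
    memcpy(&s, ip + 12, 4); memcpy(&d, ip + 16, 4); /* kept in network byte order */
    int fresh = record(s, d, sp, dp);
    if (fresh) printf("%d.%d.%d.%d:%d -> %d.%d.%d.%d:%d\n", ip[12], ip[13], ip[14],
                      ip[15], sp, ip[16], ip[17], ip[18], ip[19], dp);
    return fresh;
}

#ifdef USE_PCAP
static void cb(u_char *u, const struct pcap_pkthdr *h, const u_char *p) { (void)u; on_frame(p, h->caplen); }
int main(int argc, char **argv) {
    char err[PCAP_ERRBUF_SIZE]; struct bpf_program bp;
    pcap_t *pc = pcap_open_live(argc > 1 ? argv[1] : "em0", 128, 0, 1000, err); /* "em0" is an assumed NIC */
    if (!pc || pcap_datalink(pc) != DLT_EN10MB) return 1;   /* parser assumes Ethernet framing */
    if (pcap_compile(pc, &bp, FILTER, 1, PCAP_NETMASK_UNKNOWN) || pcap_setfilter(pc, &bp)) return 1;
    return pcap_loop(pc, -1, cb, NULL) < 0;
}
#endif
```

Without `-DUSE_PCAP` the file still compiles, so `on_frame` can be exercised against stored frames. The 128-byte snap length covers the largest Ethernet + IPv4 header plus the TCP ports.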