Looking for info on seeing near-real-time or real-time info on TCP
connection states using pftop.
A 4.3-release box has pf rules that allow Windows Remote Desktop
connections from a handful of sources.
pftop shows entries something like the following:
PR D SRC DEST STATE AGE EXP
PKTS BYTES
tcp I 666.1.2.3:2048 666.4.5.6:3389 4:4 32387 57663 40930 10M
tcp O 666.1.2.3:2048 666.4.5.6:3389 4:4 32397 57653 40930 10M
Problem is, this RDC session ended more than two hours ago.
The pftop(8) manpage says the EXP column means there are more than
40,000 seconds left until these entries expire.
Is there some better way of monitoring current TCP connection states?
many thanks
dn
ps. Tangential, but where can I learn more about the "STATE" column
above? I don't see anything in the manpage about the meaning of "4:4"
but perhaps I missed it.
