Using sysctl to Monitor Incoming Traffic – FreeBSD


Sysctl is an interface for examining and dynamically changing parameters in the BSD and Linux operating systems. The implementation mechanism in these two systems is very different.

In BSD these parameters are generally objects in a management information base (MIB) that describe tunable limits such as the size of a shared memory segment, the number of threads the operating system will use as an NFS client, or the maximum number of processes on the system; or describe, enable or disable behaviors such as IP forwarding, security restrictions on the superuser (the “securelevel”), or debugging output.  In BSD a system call or system call wrapper is usually provided for use by programs, as well as an administrative program and a configuration file (for setting the tunable parameters when the system boots).

We will try this on a FreeBSD box, using the kernel's TCP logging feature to watch incoming connection attempts. One caveat first: net.inet.tcp.log_in_vain does not log all incoming traffic. It logs TCP segments that arrive for a local port with no socket listening on it; with the value 1 only segments carrying the SYN flag are logged, with the value 2 every such segment is. There is a matching net.inet.udp.log_in_vain for UDP, and net.inet.tcp.blackhole (which makes the host stop answering those probes with a RST) is a separate knob that does not affect the logging. The sysctl takes effect immediately but does not survive a reboot; put the same setting in /etc/sysctl.conf if you want it permanent. On an Internet-facing host a single port scan can add thousands of lines to /var/log/messages in seconds, so make sure newsyslog rotation and free space on /var can keep up before leaving it on.

DMZ# sysctl net.inet.tcp.log_in_vain=1
net.inet.tcp.log_in_vain: 0 -> 1
DMZ# tail -f /var/log/messages


Mar 17 11:08:45 DMZ kernel: TCP: [91.189.92.171]:80 to [202.43.189.206]:64883 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:45 DMZ kernel: TCP: [88.191.127.22]:80 to [202.43.189.206]:57911 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:46 DMZ kernel: TCP: [78.46.38.66]:80 to [202.43.189.206]:59582 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:46 DMZ kernel: TCP: [121.136.134.143]:5241 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:47 DMZ kernel: TCP: [78.46.38.66]:80 to [202.43.189.206]:62084 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:48 DMZ kernel: TCP: [199.59.148.10]:80 to [202.43.189.206]:54700 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:48 DMZ kernel: TCP: [142.167.7.103]:60966 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:49 DMZ kernel: TCP: [125.165.80.238]:55218 to [202.43.189.198]:8080 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:49 DMZ kernel: TCP: [121.136.134.143]:5241 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:49 DMZ kernel: TCP: [88.191.127.22]:80 to [202.43.189.206]:62004 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:50 DMZ kernel: TCP: [79.103.31.126]:55620 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:51 DMZ kernel: TCP: [142.167.7.103]:60966 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:52 DMZ kernel: TCP: [125.165.80.238]:55218 to [202.43.189.198]:8080 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:53 DMZ kernel: TCP: [91.189.90.217]:80 to [202.43.189.206]:62830 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:53 DMZ kernel: TCP: [91.189.90.217]:80 to [202.43.189.206]:54652 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:53 DMZ kernel: TCP: [79.103.31.126]:55620 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:53 DMZ kernel: TCP: [91.189.90.217]:80 to [202.43.189.206]:60147 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:54 DMZ kernel: TCP: [91.189.88.30]:80 to [202.43.189.206]:58106 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:55 DMZ kernel: TCP: [121.136.134.143]:5241 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:55 DMZ kernel: TCP: [91.189.90.217]:80 to [202.43.189.206]:54753 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:56 DMZ kernel: TCP: [91.189.92.169]:80 to [202.43.189.206]:53835 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:56 DMZ kernel: TCP: [91.189.90.217]:80 to [202.43.189.206]:65414 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:56 DMZ kernel: TCP: [91.189.90.217]:80 to [202.43.189.206]:57240 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:56 DMZ kernel: TCP: [91.189.90.217]:80 to [202.43.189.206]:63976 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:57 DMZ kernel: TCP: [91.189.92.170]:80 to [202.43.189.206]:65496 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:57 DMZ kernel: TCP: [142.167.7.103]:60966 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:57 DMZ kernel: TCP: [219.85.184.54]:52570 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:57 DMZ kernel: TCP: [91.189.88.30]:80 to [202.43.189.206]:58439 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:57 DMZ kernel: TCP: [91.189.92.171]:80 to [202.43.189.206]:56653 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:58 DMZ kernel: TCP: [219.85.184.54]:52577 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:58 DMZ kernel: TCP: [125.165.80.238]:55218 to [202.43.189.198]:8080 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:58 DMZ kernel: TCP: [192.168.40.65]:9456 to [202.43.189.195]:135 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:58 DMZ kernel: TCP: [192.168.40.65]:9458 to [202.43.189.196]:135 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:58 DMZ kernel: TCP: [192.168.40.65]:9459 to [202.43.189.199]:135 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:58 DMZ kernel: TCP: [192.168.40.65]:9460 to [202.43.189.198]:135 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:58 DMZ kernel: TCP: [192.168.40.65]:9461 to [202.43.189.200]:135 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:58 DMZ kernel: TCP: [173.193.22.188]:80 to [202.43.189.206]:59060 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:58 DMZ kernel: TCP: [91.189.92.169]:80 to [202.43.189.206]:62924 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
^C
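Reading the dump above, three different things are mixed together. The SYN,ACK lines from port 80 to high ports on 202.43.189.206 are remote web servers answering connections that this host (or something NATed behind it) opened, where the local socket has already gone away; that is noise. The bare SYNs to port 23871 on .206 from several unrelated sources, repeated with the same source port (SYN retransmissions), are outside connection attempts to a closed port. And 192.168.40.65 sending SYNs to port 135 on five different public addresses within the same second is an internal machine sweeping for MS-RPC, which deserves attention before anything on the Internet does. Once log_in_vain is on, that triage is the real work, so here is an added example (not code from the original post) that parses these kernel lines and sorts them into exactly those three buckets, then flags sources that hit one port across several hosts and ports that several sources hit. The ten sample lines are copied from the output above; the bucket names, the sweep threshold of 3 and the private-address test are the example's own choices.

```python
"""Triage FreeBSD net.inet.tcp.log_in_vain messages from /var/log/messages."""
import ipaddress
import re
import sys
from collections import Counter, defaultdict

# Message format printed by tcp_input() when log_in_vain is enabled.
LINE_RE = re.compile(
    r"TCP: \[(?P<src>[^\]]+)\]:(?P<sport>\d+) to \[(?P<dst>[^\]]+)\]:(?P<dport>\d+) "
    r"tcpflags 0x(?P<flags>[0-9a-fA-F]+)<[^>]*>; tcp_input: Connection attempt to closed port"
)
TH_SYN = 0x02  # flag bits as defined in netinet/tcp.h
TH_ACK = 0x10


def parse_line(line):
    """Return a dict for a log_in_vain line, or None for any other syslog line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {"src": m.group("src"), "sport": int(m.group("sport")),
            "dst": m.group("dst"), "dport": int(m.group("dport")),
            "flags": int(m.group("flags"), 16)}


def classify(rec):
    """Bucket one parsed record (bucket names are this example's own).

    stray_reply    SYN,ACK: the far end answers a connection this host opened,
                   but the local socket is already gone. Noise.
    internal_probe bare SYN from an RFC 1918 source: an inside machine is
                   connecting to ports we do not serve.
    inbound_probe  bare SYN from a public source: external attempt or scan.
    other          anything else; only seen with log_in_vain=2.
    """
    syn, ack = rec["flags"] & TH_SYN, rec["flags"] & TH_ACK
    if syn and ack:
        return "stray_reply"
    if syn:
        return "internal_probe" if ipaddress.ip_address(rec["src"]).is_private else "inbound_probe"
    return "other"


def triage(log_text, sweep_threshold=3):
    """Count buckets, find (src, port, hosts) sweeps and (port, sources) hot ports."""
    buckets = Counter()
    hosts_per_src_port = defaultdict(set)  # (src, dport) -> set of dst hosts
    srcs_per_port = defaultdict(set)       # dport -> set of src hosts
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        kind = classify(rec)
        buckets[kind] += 1
        if kind in ("inbound_probe", "internal_probe"):  # replies are not probes
            hosts_per_src_port[(rec["src"], rec["dport"])].add(rec["dst"])
            srcs_per_port[rec["dport"]].add(rec["src"])
    sweeps = sorted((src, port, len(hosts)) for (src, port), hosts in hosts_per_src_port.items()
                    if len(hosts) >= sweep_threshold)
    hot_ports = sorted((port, len(srcs)) for port, srcs in srcs_per_port.items()
                       if len(srcs) >= sweep_threshold)
    return {"buckets": dict(buckets), "sweeps": sweeps, "hot_ports": hot_ports}


# Sample input: ten lines copied from the post's tail -f output above.
SAMPLE_LOG = """\
Mar 17 11:08:45 DMZ kernel: TCP: [91.189.92.171]:80 to [202.43.189.206]:64883 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:46 DMZ kernel: TCP: [121.136.134.143]:5241 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:48 DMZ kernel: TCP: [142.167.7.103]:60966 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:49 DMZ kernel: TCP: [125.165.80.238]:55218 to [202.43.189.198]:8080 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:50 DMZ kernel: TCP: [79.103.31.126]:55620 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:53 DMZ kernel: TCP: [91.189.90.217]:80 to [202.43.189.206]:62830 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
Mar 17 11:08:58 DMZ kernel: TCP: [192.168.40.65]:9456 to [202.43.189.195]:135 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:58 DMZ kernel: TCP: [192.168.40.65]:9458 to [202.43.189.196]:135 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:58 DMZ kernel: TCP: [192.168.40.65]:9459 to [202.43.189.199]:135 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Mar 17 11:08:58 DMZ kernel: TCP: [192.168.40.65]:9460 to [202.43.189.198]:135 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
"""

if __name__ == "__main__":
    # Read a saved slice of /var/log/messages from stdin, else use the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for key, value in triage(text).items():
        print(key, value)
```

Feed it a real slice with something like `grep 'closed port' /var/log/messages | python3 triage.py`. On the sample it reports 2 stray replies, 4 inbound probes and 4 internal probes, one sweep (192.168.40.65 on port 135 across 4 hosts) and one hot port (23871, hit by 3 sources). The private-address test is deliberately crude: on a DMZ host with public addresses on the inside it should be replaced with the site's own list of internal prefixes.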
