Firewalling with OpenBSD's PF packet filter
Prev		Next

Keeping an eye on things with systat

If you are interested in seeing an instant snapshot of the traffic passing through your systems right now, the systat program on OpenBSD offers several useful views. One such view is the states view, which offers a live view of the state table. Here is a typical view:

   3 users    Load 2.38 2.34 2.25  (1-25 of 184)       Sun Nov 28 19:07:57 2010

PR    D SRC                  DEST                 STATE   AGE   EXP  PKTS BYTES  RATE  PEAK   AVG
tcp   I 192.168.103.84:51576 208.43.202.3:80       4:4  4984m 86369 12561 2199K     0   108     7
tcp   O 213.187.179.198:5157 208.43.202.3:80       4:4  4984m 86369 12561 2199K     0   108     7
tcp   I 192.168.103.254:5598 78.31.12.67:80        4:4  4570m 86373 22954 4781K     0    23    17
tcp   O 213.187.179.198:5598 78.31.12.67:80        4:4  4570m 86373 22954 4781K     0    23    17
tcp   I 10.168.103.15:3427   213.187.179.198:22    4:4  96162 86373  4784  705K     0    43     7
tcp   I 10.168.103.15:22198  128.237.157.136:6667  4:4  26629 86385  6743 1918K     0  1677    73
tcp   O 213.187.179.198:2219 128.237.157.136:6667  4:4  26629 86385  6743 1918K     0  1677    73
tcp   I 10.168.103.15:19492  203.27.221.42:6667    4:4  26592 86385  2635  216K     0    34     8
tcp   O 213.187.179.198:1949 203.27.221.42:6667    4:4  26592 86385  2635  216K     0    34     8
tcp   I 10.168.103.15:4169   209.250.145.51:6667   4:4  26590 86385  2883  260K     0    40    10
tcp   O 213.187.179.198:4169 209.250.145.51:6667   4:4  26590 86385  2883  260K     0    40    10
tcp   I 10.168.103.15:29582  198.3.160.3:6667      4:4  26543 86385  2931  224K     0    34     8
tcp   O 213.187.179.198:2958 198.3.160.3:6667      4:4  26543 86385  2931  224K     0    34     8
tcp   I 10.168.103.15:26952  130.133.4.11:119      4:4  26340 86260  1015  522K     0     0    20
tcp   O 213.187.179.198:2695 130.133.4.11:119      4:4  26340 86260  1015  522K     0     0    20
tcp   I 192.168.103.254:6329 192.168.103.84:9000   4:4  26289 86376 29407   21M     0  6197   838
tcp   O 192.168.103.1:53161  192.168.103.84:9000   4:4  26289 86376 29407   21M     0  6197   838
tcp   I 10.168.103.15:28623  129.240.64.10:6667    4:4  25984 86385  3927  359K     0    32    14
tcp   O 213.187.179.198:2862 129.240.64.10:6667    4:4  25984 86385  3927  359K     0    32    14
tcp   I 10.168.103.15:4436   213.187.179.198:22    4:4  14349 86381   978  223K     0    56    15
icmp  I 10.168.103.15:34372  213.187.179.198:8     0:0  11083    10 21716 1781K   168   168   164
tcp   I 10.168.103.15:35760  194.14.70.181:80      4:4  10596 75806   143  114K     0     0    11
tcp   O 213.187.179.198:3576 194.14.70.181:80      4:4  10596 75806   143  114K     0     0    11
tcp   I 192.168.103.84:52785 74.125.77.188:5228    4:4   7877 85731    53  4833     0     0     0
tcp   O 213.187.179.198:5278 74.125.77.188:5228    4:4   7877 85731    53  4833     0     0     0

Wider terminal windows offer more detail, and the OpenBSD version of systat offers several other PF-related views.

Prev	Home	Next
But there are limits (an anecdote)		Keeping an eye on things with pftop