FreeBSD Networking Tips

Tip 1 See source and destination addresses on port 80

To see which sites your LAN users visit, you can watch the source addresses from the LAN and the destination addresses on the router with tcpdump (replace int_if with the router's LAN-facing interface):

# tcpdump -i int_if -q port 80

Tip 2 See if you have virus-infected computers in your LAN

Windows viruses usually generate traffic on ports 139 and 445, so running tcpdump on the router for those ports will reveal that kind of traffic.

# tcpdump -tlni fxp0 port 139 or port 445
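
The check in Tip 2 taken one step further, as an added example that is not part of the original tips: a sh/awk filter that reads the text output of the tcpdump command above and lists LAN hosts contacting many distinct machines on ports 139/445, the fan-out pattern of a spreading worm. The function names, the default threshold of 3 and the sample lines are constructed assumptions; only IPv4 lines are handled.

```shell
#!/bin/sh
# Added example: rank LAN hosts by how many distinct peers they contact on
# TCP 139/445. Input is tcpdump -tln text output (IPv4 lines only), e.g.:
#   tcpdump -tlni fxp0 -c 5000 port 139 or port 445 | smb_fanout 10

# smb_fanout [MIN]: print "count source-ip" for sources with >= MIN peers.
smb_fanout() {
    awk -v min="${1:-3}" '
    $1 == "IP" && $3 == ">" {
        src = $2; dst = $4
        sub(/:$/, "", dst)                     # drop the trailing colon
        dport = dst; sub(/^.*\./, "", dport)   # text after the last dot is the port
        if (dport != "139" && dport != "445") next   # skip server replies
        sub(/\.[0-9]+$/, "", src)              # strip the port, keep the address
        sub(/\.[0-9]+$/, "", dst)
        # count each (source, destination) pair once
        if (!((src, dst) in seen)) { seen[src, dst] = 1; fan[src]++ }
    }
    END { for (s in fan) if (fan[s] >= min) print fan[s], s }
    ' | sort -rn
}

# Constructed sample capture (not real traffic): one host probing four
# peers, and one workstation talking to a single file server.
sample_capture() {
    cat <<'EOF'
IP 192.168.1.23.49512 > 192.168.1.10.445: Flags [S], seq 1001, win 65535, length 0
IP 192.168.1.23.49513 > 192.168.1.11.445: Flags [S], seq 1002, win 65535, length 0
IP 192.168.1.23.49514 > 192.168.1.12.445: Flags [S], seq 1003, win 65535, length 0
IP 192.168.1.23.49515 > 192.168.1.13.139: Flags [S], seq 1004, win 65535, length 0
IP 192.168.1.40.50100 > 192.168.1.2.445: Flags [P.], seq 1:121, ack 1, win 1024, length 120
IP 192.168.1.2.445 > 192.168.1.40.50100: Flags [.], ack 121, win 1024, length 0
IP 192.168.1.40.50101 > 192.168.1.2.445: Flags [S], seq 2001, win 65535, length 0
EOF
}

# Demo on the sample: only the scanning host reaches the threshold of 3.
sample_capture | smb_fanout 3
```

Because the counts are printed when input ends, give tcpdump a packet limit with -c (as in the header comment) or stop it with Ctrl-C to get the report.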

Tip 3 Block PING from outside with IPFW

If you want to be invisible to pings from the Internet, you could block all ICMP packets. But some other services might be blocked too, so this is not a good idea. You would also be unable to ping hosts from the server. The best solution is to block only ICMP Echo Requests. This can be done with the following ipfw rule:

# ipfw add deny icmp from any to me icmptypes 8

Tip 4 View ICMP traffic

# tcpdump -s 1600 -nvvvpX icmp