 From:  Adam Gibson <agibson at ptm dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Continuously DNS Requests
 Date:  Wed, 16 Nov 2005 10:38:39 -0500
Paul Taylor wrote:
> What's the matter?  Don't like my Firewall States table?  :)

Very handy indeed.  That is a huge benefit to me and I am sure many 
others.  It just doesn't give you an idea about what is actually 
traversing that connection or how much is traversing it.

> Yes, I agree that this is a problem where the solution isn't obvious without
> a sniffer, but the states table can give you good leads... He might not have
> known there was a problem without it.

Yea...  but I want a sniffer ;)  Seriously though... I am sure we both 
agree that if one was available it would be used a lot when diagnosing 

> The states table uses a program that was already in the Monowall image, so
> it mostly took the PHP code to call it, parse the result, allow sorting, and
> perform the deltas on packets and bytes.

> If you can find a command-line based sniffer application that is in the
> 50-100K range (including all supporting files), Manuel might let it slip
> into production, if someone can make a decent interface for it.  Heck, I
> might even give it a shot.

It looks like the images and module install scripts at 
http://www.xs4all.nl/~fredmol/m0n0/ to add tcpdump and ssh were updated 
to the 1.2 version so I can just use that.  The older scripts that were 
on that site for 1.1 didn't work with 1.2.  It seems to add just over 1 
meg to the size btw.

I will drop the issue of tcpdump now.  Everyone knows that I think it 
would be useful and we have slightly gone off topic.  Thanks for the 
firewall state table.