[OpenBSD]

Manual Page Search Parameters




ipmon(8)                                                 ipmon(8)


NAME
       ipmon - monitors /dev/ipl for logged packets

SYNOPSIS
       ipmon  [  -aDFhnstvxX  ]  [  -o  [NSI] ] [ -O [NSI] ] [ -N
       <device> ] [ -S <device> ] [ -f <device> ] [ <filename> ]

DESCRIPTION
       ipmon opens /dev/ipl for reading and  awaits  data  to  be
       saved  from  the packet filter.  The binary data read from
       the device is reprinted in human readable  form;  however,
       IP#'s  are  not  mapped  back  to hostnames, nor are ports
       mapped back to service names.  The output goes to standard
       output  by  default or a filename, if given on the command
       line.  Should the -s option be  used,  output  is  instead
       sent  to  syslogd(8).   Messages  sent via syslog have the
       day, month and year removed from the message, but the time
       (including microseconds), as recorded in the log, is still
       included.

OPTIONS
       -a     Open all of the device  logfiles  for  reading  log
              entries  from.   All  entries  are displayed to the
              same output 'device' (stderr or syslog).

       -f <device>
              specify an alternative device/file  from  which  to
              read  the  log information for normal IP Filter log
              records.

       -D     When set ipmon will fork and become a daemon.

       -F     Flush the current packet log buffer.  The number of
              bytes  flushed is displayed, even should the result
              be zero.

       -N <device>
              Set the logfile to be opened for  reading  NAT  log
              records from to <device>.

       -n     IP addresses and port numbers will be mapped, where
              possible, back into hostnames and service names.

       -o     Specify which log files to actually read data from.
              N  -  NAT logfile, S - State logfile, I - normal IP
              Filter logfile.  The -a  option  is  equivalent  to
              using -o NSI.

       -O     Specify  which  log  files  you do not wish to read
              from.  This is most  sensibly  used  with  the  -a.
              Letters  available  as  parameters  to this are the
              same as for -o.

       -s     Packet information read in  will  be  sent  through



                                                                1





ipmon(8)                                                 ipmon(8)


              syslogd  rather  than saved to a file.  The default
              facility when compiled  and  installed  is  local0.
              The following levels are used:

              LOG_INFO  -  packets logged using the "log" keyword
              as the action rather than pass or block.

              LOG_NOTICE - packets logged which are also passed

              LOG_WARNING - packets logged which are also blocked

              LOG_ERR  - packets which have been logged and which
              can be considered "short".

       -S     Treat the logfile as being composed  of  state  log
              records.

       -S <device>
              Set  the logfile to be opened for reading state log
              records from to <device>.

              -t read the input file/device in a manner  akin  to
              tail(1).

       -v     show tcp window, ack and sequence fields.

       -x     show the packet data in hex.

       -X     show the log header record data in hex.

DIAGNOSTICS
       ipmon expects data that it reads to be consistent with how
       it should be saved and will abort if it fails an assertion
       which detects an anomaly in the recorded data.

FILES
       /dev/ipl
       /dev/ipnat
       /dev/ipstate

SEE ALSO
       ipf(8),  ipftest(1),  ipnat(8),  ipf(4), ipl(4), ipnat(4),
       ipf(5), ipnat(5), ipfstat(8)
       http://coombs.anu.edu.au/ipfilter/

BUGS











                                                                2