{"id":403,"date":"2011-03-17T04:21:04","date_gmt":"2011-03-17T04:21:04","guid":{"rendered":"http:\/\/gigihfordanama.wordpress.com\/?p=403"},"modified":"2012-08-08T00:12:37","modified_gmt":"2012-08-08T00:12:37","slug":"memanfaatkan-sysctl-untuk-memantau-aktifitas-external-freebsd","status":"publish","type":"post","link":"https:\/\/dosen.unila.ac.id\/gigih\/2011\/03\/17\/memanfaatkan-sysctl-untuk-memantau-aktifitas-external-freebsd\/","title":{"rendered":"Memanfaatkan sysctl untuk memantau Incoming Traffick – FreeBSD"},"content":{"rendered":"

Sysctl<\/strong> is an interface for examining and dynamically changing parameters in the BSD<\/a> and Linux<\/a> operating systems. The implementation mechanism in these two systems is very different.<\/p>\n

In BSD these parameters are generally objects in a management information base<\/a> (MIB) that describe tunable limits such as the size of a shared memory segment, the number of threads the operating system will use as an NFS<\/a> client, or the maximum number of processes on the system; or describe, enable or disable behaviors such as IP<\/a> forwarding, security restrictions on the superuser<\/a> (the “securelevel”), or debugging output.\u00a0 In BSD a system call<\/a> or system call wrapper is usually provided for use by programs, as well as an administrative program and a configuration file (for setting the tunable parameters when the system boots<\/a>).<\/p>\n

We’ll gonna try on FreeBSD environtment, and use tcp log feature for monitoring all connection input traffick .<\/p>\n

DMZ# <\/strong><\/em>sysctl net.inet.tcp.log_in_vain=1
\n net.inet.tcp.log_in_vain:0 -> 1<\/em>
\n DMZ#<\/strong><\/em> tail -f \/var\/log\/messages<\/p>\n


\nMar 17 11:08:45 DMZ kernel: TCP: [91.189.92.171]:80 to [202.43.189.206]:64883 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:45 DMZ kernel: TCP: [88.191.127.22]:80 to [202.43.189.206]:57911 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:46 DMZ kernel: TCP: [78.46.38.66]:80 to [202.43.189.206]:59582 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:46 DMZ kernel: TCP: [121.136.134.143]:5241 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:47 DMZ kernel: TCP: [78.46.38.66]:80 to [202.43.189.206]:62084 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:48 DMZ kernel: TCP: [199.59.148.10]:80 to [202.43.189.206]:54700 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:48 DMZ kernel: TCP: [142.167.7.103]:60966 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:49 DMZ kernel: TCP: [125.165.80.238]:55218 to [202.43.189.198]:8080 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:49 DMZ kernel: TCP: [121.136.134.143]:5241 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:49 DMZ kernel: TCP: [88.191.127.22]:80 to [202.43.189.206]:62004 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:50 DMZ kernel: TCP: [79.103.31.126]:55620 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:51 DMZ kernel: TCP: [142.167.7.103]:60966 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:52 DMZ kernel: TCP: [125.165.80.238]:55218 to [202.43.189.198]:8080 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:53 DMZ kernel: TCP: [91.189.90.217]:80 to [202.43.189.206]:62830 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:53 DMZ kernel: TCP: [91.189.90.217]:80 to [202.43.189.206]:54652 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:53 DMZ kernel: TCP: [79.103.31.126]:55620 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:53 DMZ kernel: TCP: [91.189.90.217]:80 to [202.43.189.206]:60147 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:54 DMZ kernel: TCP: [91.189.88.30]:80 to [202.43.189.206]:58106 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:55 DMZ kernel: TCP: [121.136.134.143]:5241 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:55 DMZ kernel: TCP: [91.189.90.217]:80 to [202.43.189.206]:54753 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:56 DMZ kernel: TCP: [91.189.92.169]:80 to [202.43.189.206]:53835 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:56 DMZ kernel: TCP: [91.189.90.217]:80 to [202.43.189.206]:65414 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:56 DMZ kernel: TCP: [91.189.90.217]:80 to [202.43.189.206]:57240 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:56 DMZ kernel: TCP: [91.189.90.217]:80 to [202.43.189.206]:63976 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:57 DMZ kernel: TCP: [91.189.92.170]:80 to [202.43.189.206]:65496 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:57 DMZ kernel: TCP: [142.167.7.103]:60966 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:57 DMZ kernel: TCP: [219.85.184.54]:52570 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:57 DMZ kernel: TCP: [91.189.88.30]:80 to [202.43.189.206]:58439 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:57 DMZ kernel: TCP: [91.189.92.171]:80 to [202.43.189.206]:56653 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:58 DMZ kernel: TCP: [219.85.184.54]:52577 to [202.43.189.206]:23871 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:58 DMZ kernel: TCP: [125.165.80.238]:55218 to [202.43.189.198]:8080 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:58 DMZ kernel: TCP: [192.168.40.65]:9456 to [202.43.189.195]:135 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:58 DMZ kernel: TCP: [192.168.40.65]:9458 to [202.43.189.196]:135 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:58 DMZ kernel: TCP: [192.168.40.65]:9459 to [202.43.189.199]:135 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:58 DMZ kernel: TCP: [192.168.40.65]:9460 to [202.43.189.198]:135 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:58 DMZ kernel: TCP: [192.168.40.65]:9461 to [202.43.189.200]:135 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:58 DMZ kernel: TCP: [173.193.22.188]:80 to [202.43.189.206]:59060 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\nMar 17 11:08:58 DMZ kernel: TCP: [91.189.92.169]:80 to [202.43.189.206]:62924 tcpflags 0x12<SYN,ACK>; tcp_input: Connection attempt to closed port
\n^C<\/p>\n","protected":false},"excerpt":{"rendered":"

Sysctl is an interface for examining and dynamically changing parameters in the BSD and Linux operating systems. The implementation mechanism in these two systems is very different. In BSD these parameters are generally objects in a management information base (MIB) that describe tunable limits such as the size of a shared memory segment, the number … Continue reading “Memanfaatkan sysctl untuk memantau Incoming Traffick – FreeBSD”<\/span><\/a><\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1348,9],"tags":[358,667,1129],"class_list":["post-403","post","type-post","status-publish","format-standard","hentry","category-kiat-sukses-menjadi-seorang-network-engineer-2","category-world-of-ict","tag-freebsd","tag-monitoring","tag-sysctl"],"_links":{"self":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts\/403"}],"collection":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/comments?post=403"}],"version-history":[{"count":0,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts\/403\/revisions"}],"wp:attachment":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/media?parent=403"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/categories?post=403"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/tags?post=403"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}