# Network question.



## dramcio (Feb 4, 2013)

Hello.

I try to find program which can:

a) See all connections to my PC on X interface
b) See all connections to my PC and showing packets send/out to my PC
c) See all connections to my PC on X port by Y interface
d) if *I* can from this program add connection to firewall (block it) it will be nice 

Google doesn't shows me answers for these questions.

Regards

P.S Freebsd FreeBSD 9.0


----------



## abhay4589 (Feb 4, 2013)

You don't need anything Special there, It's very simple.



> a) Saw all connections to my pc on X interface
> b) See all connections to my pc and showing packets send/out to my pc
> c) See all connections to my pc on X port by Y interface ;P


=> You can use 'netstat' to view the Connections.
[CMD="netstat -n -p tcp"][/CMD]
Use some tool like 'vnstat' to view traffic over long period of time.
It will show you traffic as live feed.

Since I am assuming you don't want anything that can ruin your network, You shouldn't opt out for last one. If you want to go for it, then Go for IDS/IPS called 'Snort' you will be able to insert rules dynamically but I think it will be overkill.


----------



## dramcio (Feb 4, 2013)

I have installed vnstat.

It's a nice program, but tell me how to find IPs who send me the most packets?

And rx = download, tx= upload?


----------



## Orum (Feb 4, 2013)

Something like net-mgmt/iftop might be what you're looking for.


----------



## dramcio (Feb 4, 2013)

iftop it is! Thanks.

Is it possible to automatically block someone who sends me > 1000 packets? 
`ipfw add table 1 ip`

But how to make this script?


----------



## abhay4589 (Feb 5, 2013)

It is possible with Packet firewall,

```
pass in on $ext_if proto tcp to $web_server \
    port www keep state \
    (max 200, source-track rule, max-src-nodes 100, max-src-states 3)
```
With Ipfw you might need to look at QoS options.


----------



## dramcio (Feb 5, 2013)

abhay i need to add this 


```
pass in on $ext_if proto tcp to $web_server \
    port www keep state \
    (max 200, source-track rule, max-src-nodes 100, max-src-states 3)
```

to firewall.rules ?
Where i can set max packets send to me from one ip ?


----------



## abhay4589 (Feb 6, 2013)

You mentioned you are using 'ipfw' but this is 'Packet filter' rule set.
You can't add it just as is.
For 'ipfw' it would be:
This will block If someone is requesting content from you.

```
ipfw -q add 35 allow tcp from any[OR ANY IP THAT YOU WANT TO BLOCK] to me 80 in via [INTERFACE NAME] setup limit src-addr 1[LIMIT]
```
For Limiting your LOCALLAN use something like this.

```
ipfw add allow tcp from my-net/24 to any  limit src-addr 10
```

For more info refer to: FreeBSD Handbook
Note: All these changes can be made on CMD or '/etc/ipfw.rules'


----------

