Monitoring connections on OpenBSD hosts

I received a comment from a reader regarding the trafshow utility. Trafshow is definitely a cool piece of software, and I use it on some of my Linux hosts. On my OpenBSD systems, I have been using the pktstat utility, which provides connection statistics for all traffic on the system:

$ pktstat

interface: sis0    total: 13.8Mb (1m34s)
cur: 147.0k (72%) [115.5k 39.4k 14.5k] min: 94.4k max: 202.3k avg: 145.6k bps

   bps    %      b desc                                                                     
134.4k  66%  12.9M tcp 192.168.1.10:8010 <-> 192.168.1.100:58720
 105.6   0%  528.0 tcp 192.168.1.10:www <-> 192.168.1.100:54947
 12.5k   6%  62.5k tcp 192.168.1.10:www <-> 192.168.1.100:64475
                   - 200 GET /index.html

Since trafshow contains numerous features that aren’t present in pktstat, I reckon I should upgrade my OpenBSD image to use trafshow. Thanks for the comment!

Configuring OpenBSD to support cable modems

I recently switched from DSL to cable, and had to learn how to use the ISC DHCP software with OpenBSD and my cable provider (Comcast). This was relatively easy, and the dhclient(8) manpage has lots of useful information and examples. Once I read through the man page, I created a file called /etc/dhclient.conf with the following information:

interface "hme0" {
    send host-name "OBSD1";
    request subnet-mask, broadcast-address, time-offset, routers;
}

script "/etc/dhclient-end";

This configuration file tells dhclient(8) to request DHCP services on the hme0 interface. The services are defined between curly braces, and include default routers, DNS servers, and the time a lease is valid (I personally only grab netmask, broadcast, lease time, IP addresses and default routers from the Comcast DHCP servers). I also created the following shell script to flush the PF state table, and add a new PF policy during lease negotiation:

#!/bin/sh

# Startup PF
/sbin/pfctl -e -F all -f /etc/pf.conf

Once the configuration is in place, the dhclient(8) utility can be invoked to grab a lease on an interface defined in dhclient.conf:

$ dhclient hme0

When you are attempting to get DHCP working, you can run the dhclient(8) utility with the “-d” option. This will print tons of debugging information, and help you clear up issues in a timely manner. Now that the DHCP connection is working, I added the following to /etc/rc.conf to grab a lease when the server boots:

# Bringup hme0
echo -n "Bringing hme0 online..."
/sbin/ifconfig hme0 up
echo "Done"

# Startup the cable connection 
echo -n "Startup Cable connection..."
/sbin/dhclient hme0
echo "Done"

If you want to review the leases and expiration times, you can view the contents of “/var/db/dhclient.leases”:

$ ls -al /var/db/dhclient.leases
---------- 1 root wheel 796 Mar 27 13:48 /var/db/dhclient.leases

You should enable pf in /etc/rc.conf, and ensure a default policy is in place prior to grabbing the initial lease. Otherwise, there is a period of time when you will be sitting on the Internet unprotected. It might be paranoia, but I like to have a DROP ALL but DHCP policy in place prior to dhclient starting.
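
A sketch of the "DROP ALL but DHCP" policy described above, as an added example that is not part of the original post. The file name /etc/pf.boot.conf is an assumption; hme0 and /etc/pf.conf are the names used in the post.

```pf
# /etc/pf.boot.conf  (hypothetical file name, not from the original post)
# Minimal ruleset to load before dhclient(8) starts. It is meant to be
# replaced by the full /etc/pf.conf once the lease has been negotiated.

ext_if = "hme0"        # cable-facing interface used in the post

# Default deny in both directions: nothing on this host is reachable
# from the cable segment while the lease is being negotiated.
block all

# Keep loopback usable for local daemons that start during boot.
pass quick on lo0 all

# DHCP client traffic only. DISCOVER/REQUEST leave from UDP port 68 to
# port 67; OFFER/ACK return from port 67 to port 68. The first exchange
# uses 0.0.0.0 and broadcast addresses, so the addresses stay "any".
pass out quick on $ext_if inet proto udp from any port 68 to any port 67
pass in  quick on $ext_if inet proto udp from any port 67 to any port 68
```

Load it with `pfctl -e -f /etc/pf.boot.conf` ahead of the `/sbin/dhclient hme0` line in the boot script. The lease script's `pfctl -e -F all -f /etc/pf.conf` then swaps in the full policy.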