OS X questions

[aux]

Recently I got a powerbook, but I have no experience with OS X, so here are some questions:

4) What is a good firewall log viewer (or firewall)?

I know that Mac OS has built-in firewall (ipfw) and I can set the rules the way I like. The problem is that I haven't seen any good log viewers. I tried the firewall log viewers built into BrickHouse and NetBarrier.

BrickHouse is a front-end for ipfw. The problem is that I don't like the log viewer e.g. some of the entries have no time stamps at all. The rules for the different interfaces seems to interfere with each other (I may be wrong about this, I didn't investigate enough).

NetBarrier doesn't seem to use ipfw (I don't like this, I guess ipfw should be better than whatever proprietary technology NetBarrier uses), but I like its log viewer better. The only problem is that when it logs connections, it logs too much. E.g. if I set a rule to allow and log all connections from my computer to port 8080 of any IP address, and the web browser opens connections from ports X, X+1, ..., X+n to 8080, there is a log entry for each of the origin ports that makes the log unreadable.

Any ideas how to fix the above problems or suggestions for other firewall log viewers?



------
Edit: questions 1 - 3 answered

1) I can enable status icons for the airport and bluetooth connections, but is there any way to display network status icon for the ethernet connection?

2) When my powerbook gets an IP address from a DHCP server, the machine name changes from, say "powerbook" to "dhcpXXXYYYYZZZTTT.domain.tld" that is assigned by the DHCP server (where XXX.YYY.ZZZ.TTT is the IP address and domain.tld is my IPS's domain). Obviously I have no control over the DHCP server. Is it possible to make the machine to ignore the DHCP assigned name and to keep the one that I assigned?

3) Is there any way to disable the startup sound?

 

[n0cmonkey]

3. Mute the powerbook.

 

[eigen]

where are you reading your computer name from.what do you mean the name changes.where do you see this occuring.

 

[n0cmonkey]

Really, the hostname changing shoulnd't affect ANYTHING. Are you noticing any problems? I am looking though, which version of OS X?

What would you want an ethernet icon for? You can just look at the side of the powerbook for a cable.

 

[n0cmonkey]

To quote trevor (at Macosxhints forums):

With a Unix-friendly editor, edit the file /etc/hostconfig as root and change the line that says

HOSTNAME=-AUTOMATIC-

to read

HOSTNAME=mnm_bschwie

Trevor

 

[aux]

@ eigen: I'm reading the DHCP assigned machine name from the command prompt (terminal.app), the problem is that something like
dhcpXXXYYYYZZZTTT: ~username$
is quite annoying. I know that I can change .bashrc so that it doesn't display the machine name or it displays "powerbook", but this is still annoying.

@ n0cmonkey: Thanks for the responses. I didn't notice any problems with the hostname, but I am still trying to set it the way I want. It is running OS X 10.4 (tiger).
For the ethernet icon, I was looking for a way to place one on the menu bar next to the airport and bluetooth icons.
If I am connecting remotely to the powerbook (not that I will ever try to do this), I may not be able to check for ethernet cable; of course if I can connect, there should be a cable or an airport connection or something else

 

[n0cmonkey]

Let us know if the fix for the hostname I posted workss.

What I'd like is a general network icon that allows you to choose between the different network profiles easily...

 

[aux]

Originally posted by: n0cmonkey
Let us know if the fix for the hostname I posted workss.

it works, except for that there was no default value for HOSTNAME so I had to add new line

 

[n0cmonkey]

Originally posted by: aux

Originally posted by: n0cmonkey
Let us know if the fix for the hostname I posted workss.

it works, except for that there was no default value for HOSTNAME so I had to add new line

Maybe that's something new in 10.4, it appears on my 10.3 PB. :beer:

 

[chcarnage]

Originally posted by: aux1) I can enable status icons for the airport and bluetooth connections, but is there any way to display network status icon for the ethernet connection?

It's not as elegant as the Bluetooth and Airport icon, but you may try the freeware MenuMeters. It displays a net traffic meter on the right side of your menu bar that shows you the activity and IP of all interfaces while clicking it (Image)

 

[aux]

Originally posted by: chcarnage

Originally posted by: aux1) I can enable status icons for the airport and bluetooth connections, but is there any way to display network status icon for the ethernet connection?

It's not as elegant as the Bluetooth and Airport icon, but you may try the freeware MenuMeters. It displays a net traffic meter on the right side of your menu bar that shows you the activity and IP of all interfaces while clicking it (Image)

Thanks, will try that program.

 

[hopejr]

Originally posted by: n0cmonkey

Originally posted by: aux

Originally posted by: n0cmonkey
Let us know if the fix for the hostname I posted workss.

it works, except for that there was no default value for HOSTNAME so I had to add new line

Maybe that's something new in 10.4, it appears on my 10.3 PB. :beer:

I don't think that going into the terminal and editing a config file was necessary. You can set the host name in System Preferences, and it shouldn't change (that's the only place I've set it and I've never had problems with the DHCP server changing it).
In the Sharing preference pane, click the Edit... button below the Computer Name text field. In there you can set it.

 

[aux]

Originally posted by: hopejr

Originally posted by: n0cmonkey

Originally posted by: aux

Originally posted by: n0cmonkey
Let us know if the fix for the hostname I posted workss.

it works, except for that there was no default value for HOSTNAME so I had to add new line

Maybe that's something new in 10.4, it appears on my 10.3 PB. :beer:

I don't think that going into the terminal and editing a config file was necessary. You can set the host name in System Preferences, and it shouldn't change (that's the only place I've set it and I've never had problems with the DHCP server changing it).
In the Sharing preference pane, click the Edit... button below the Computer Name text field. In there you can set it.

This is where I had it set to "powerbook" and it stayed "powerbook" if the laptop was connected to my LAN (static non-routable IP address, no DHCP assigned IP address). However, every time when the machine gets DHCP assigned IP address, that particular DHCP server also assigns hostname. Not all DHCP servers are set to assign hostnames, maybe that is the reason why in your case the hostname didn't change.

 

[Childs]

Originally posted by: hopejr

Originally posted by: n0cmonkey

Originally posted by: aux

Originally posted by: n0cmonkey
Let us know if the fix for the hostname I posted workss.

it works, except for that there was no default value for HOSTNAME so I had to add new line

Maybe that's something new in 10.4, it appears on my 10.3 PB. :beer:

I don't think that going into the terminal and editing a config file was necessary. You can set the host name in System Preferences, and it shouldn't change (that's the only place I've set it and I've never had problems with the DHCP server changing it).
In the Sharing preference pane, click the Edit... button below the Computer Name text field. In there you can set it.

Those hostnames are mainly for rendezvous services, and doing local browsing. If you can't resolve a hostname your shell will fallback to that, but once you get a real name, any name, the shell will use it. For what he wanted (shell hostname to something other thant he reverse lookup name) editing /etc/hostconfig was necessary.

 

[aux]

Originally posted by: Childs

Originally posted by: hopejr

Originally posted by: n0cmonkey

Originally posted by: aux

Originally posted by: n0cmonkey
Let us know if the fix for the hostname I posted workss.

it works, except for that there was no default value for HOSTNAME so I had to add new line

Maybe that's something new in 10.4, it appears on my 10.3 PB. :beer:

I don't think that going into the terminal and editing a config file was necessary. You can set the host name in System Preferences, and it shouldn't change (that's the only place I've set it and I've never had problems with the DHCP server changing it).
In the Sharing preference pane, click the Edit... button below the Computer Name text field. In there you can set it.

Those hostnames are mainly for rendezvous services, and doing local browsing. If you can't resolve a hostname your shell will fallback to that, but once you get a real name, any name, the shell will use it. For what he wanted (shell hostname to something other thant he reverse lookup name) editing /etc/hostconfig was necessary.

Actually, I disabled (at least hope so) any sharing and browsing. I just didn't want to have something like:
dhcpXXXYYYYZZZTTT: ~username$
in the command prompt (I guess, I could've fixed that also by modifying .bashrc)

 

[hopejr]

oh, ok. Didn't realise that could happen.

 

[aux]

bump for question 4

 

[aux]

last bump for question 4

 

[n0cmonkey]

ipfw sucks soo much, I wish they'd use something decent. Just use more to view the logs.

 

[n0cmonkey]

NetBarrier doesn't seem to use ipfw (I don't like this, I guess ipfw should be better than whatever proprietary technology NetBarrier uses), but I like its log viewer better. The only problem is that when it logs connections, it logs too much. E.g. if I set a rule to allow and log all connections from my computer to port 8080 of any IP address, and the web browser opens connections from ports X, X+1, ..., X+n to 8080, there is a log entry for each of the origin ports that makes the log unreadable.

If you tell it to log all connections to 8080, then that is what it is doing.

 

[aux]

Originally posted by: n0cmonkey

NetBarrier doesn't seem to use ipfw (I don't like this, I guess ipfw should be better than whatever proprietary technology NetBarrier uses), but I like its log viewer better. The only problem is that when it logs connections, it logs too much. E.g. if I set a rule to allow and log all connections from my computer to port 8080 of any IP address, and the web browser opens connections from ports X, X+1, ..., X+n to 8080, there is a log entry for each of the origin ports that makes the log unreadable.

If you tell it to log all connections to 8080, then that is what it is doing.

Sorry, that wasn't clear. It would be nice if the log viewer has an option to summarize all consecutive connections from my computer (even if different ports) to one IP address (port 8080) in one line.

I guess, I will have to stick with ipfw and more, that points to less in my case

 

[n0cmonkey]

Originally posted by: aux
Sorry, that wasn't clear. It would be nice if the log viewer has an option to summarize all consecutive connections from my computer (even if different ports) to one IP address (port 8080) in one line.

That screams bad practice, IMO.

I guess, I will have to stick with ipfw and more, that points to less in my case

more seems to be the standard invocation.

 

[aux]

Originally posted by: n0cmonkey

Originally posted by: aux
Sorry, that wasn't clear. It would be nice if the log viewer has an option to summarize all consecutive connections from my computer (even if different ports) to one IP address (port 8080) in one line.

That screams bad practice, IMO.

It's just an option that helps to concentrate on the important log entries and not pay much attention to the less important ones (say connections from my laptop to port 8080 somewhere, that is consistant with normal web browsing). If I want I can still examine the details, because the log entries are there, just not displayed in detail. Yes, I know that the standard http port is 80, I am using 8080 just as an example.

 

[n0cmonkey]

Originally posted by: aux

Originally posted by: n0cmonkey

Originally posted by: aux
Sorry, that wasn't clear. It would be nice if the log viewer has an option to summarize all consecutive connections from my computer (even if different ports) to one IP address (port 8080) in one line.

That screams bad practice, IMO.

It's just an option that helps to concentrate on the important log entries and not pay much attention to the less important ones (say connections from my laptop to port 8080 somewhere, that is consistant with normal web browsing). If I want I can still examine the details, because the log entries are there, just not displayed in detail. Yes, I know that the standard http port is 80, I am using 8080 just as an example.

What makes the connection from port 8034 more important than the one from 9024?

 

[aux]

Originally posted by: n0cmonkey

Originally posted by: aux

Originally posted by: n0cmonkey

Originally posted by: aux
Sorry, that wasn't clear. It would be nice if the log viewer has an option to summarize all consecutive connections from my computer (even if different ports) to one IP address (port 8080) in one line.

That screams bad practice, IMO.

It's just an option that helps to concentrate on the important log entries and not pay much attention to the less important ones (say connections from my laptop to port 8080 somewhere, that is consistant with normal web browsing). If I want I can still examine the details, because the log entries are there, just not displayed in detail. Yes, I know that the standard http port is 80, I am using 8080 just as an example.

What makes the connection from port 8034 more important than the one from 9024?

Nothing. However connections from my laptop to port 8080 are to be expected, connections to port 54321 are not and I would prefer to see the latter easily.

Edit: I was checking other firewalls and log viewers, the same story. I guess, it's time for some perl programming.