Tuesday, January 26, 2016

Troubleshooting Filters

Debug

fw ctl zdebug + drop | grep 204.105.57.69
fw ctl zdebug drop > /var/log/drop.txt



tcpdump
tcpdump -i eth3 -nn -X -S -c 100 -w packetcap.cap

tcpdump -nr packetcap.cap | awk '{print }' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort | uniq -c | sort -n

tcpdump -i eth0 src 10.25.240.57 and dst 216.231.64.82

tcpdump -i eth1 port 1089 and dst 216.118.184.254

tcpdump -ni eth8 src 172.30.25.132


tcpdump -nnei any -w /var/log/tcp.cap

tcpdump -i any -nn -X -vv -s 1514 -c 1000 -w packetcap.cap

tcpdump -i eth0 -s 0 -vvv -w ./dump.pcap

tcpdump -ni eth0 -s0 -w /var/tmp/asscapture.pcap
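The sort | uniq -c pipeline above counts every IPv4 address that appears in the tcpdump text, source and destination alike. The function below is an added example (not part of the original post) that does the same count but picks one direction: in `tcpdump -n` output the source endpoint is field 3 and the destination is field 5 (the trailing port number and colon are stripped by the anchored regex). It runs over a few constructed tcpdump-style lines embedded in the script, so no capture file or interface is needed; the interface names, addresses and line contents are made up for the demonstration.

```shell
#!/bin/sh
# Count source or destination IPv4 addresses in `tcpdump -n` text output.
# Usage: tcpdump -nr packetcap.cap | top_talkers src   (or: dst)
# Output: "<count> <ip>" per line, ascending by count, so the last line
# is the busiest address. Non-IP lines (ARP, etc.) are dropped by the grep.
top_talkers() {
    case "$1" in
        src) field=3 ;;
        dst) field=5 ;;
        *) echo "usage: top_talkers src|dst" >&2; return 1 ;;
    esac
    awk -v f="$field" '{print $f}' \
        | grep -oE '^[0-9]{1,3}(\.[0-9]{1,3}){3}' \
        | sort | uniq -c | sort -n \
        | awk '{print $1, $2}'   # normalise uniq -c padding to "count ip"
}

# Constructed sample of `tcpdump -n` output (addresses are illustrative only).
SAMPLE_TCPDUMP='12:00:01.000001 IP 10.25.240.57.51234 > 216.231.64.82.443: Flags [S], seq 1, win 64240, length 0
12:00:01.000500 IP 216.231.64.82.443 > 10.25.240.57.51234: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:02.000001 IP 10.25.240.57.51235 > 216.231.64.82.443: Flags [S], seq 1, win 64240, length 0
12:00:02.500000 ARP, Request who-has 10.25.240.1 tell 10.25.240.57, length 28
12:00:03.000001 IP 172.30.25.132.40000 > 10.210.7.250.53: 12345+ A? example.com. (29)'

# Convenience wrappers that run the count over the embedded sample.
sample_src_counts() { printf '%s\n' "$SAMPLE_TCPDUMP" | top_talkers src; }
sample_dst_counts() { printf '%s\n' "$SAMPLE_TCPDUMP" | top_talkers dst; }

echo "== sources =="
sample_src_counts
echo "== destinations =="
sample_dst_counts
```

On a real capture replace the embedded sample with `tcpdump -nr packetcap.cap | top_talkers dst` to see which destinations a suspect host is reaching; running it once for `src` and once for `dst` separates "who is sending" from "who is being contacted", which a combined count blurs together.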


FW Monitor

fw monitor | grep 10.210.7.250

fw monitor -e "((src=10.20.59.230 , dst=10.25.240.44) or (src=10.25.240.44 , dst=10.20.59.230)), accept;"

fw monitor -e "accept;" -o connections.cap  (writes a pcap file; open it with Wireshark)

fw monitor -e "accept (src=10.20.59.230 , dst=10.25.240.44);"

fw monitor -ci 10 | grep 172.30.25.132

fw monitor -o /var/log/fwmon.cap

netstat -nr | grep eth3-02 | awk -F' ' '{print $1,$2,$3}' | sort > test2


Acceleration
fwaccel off / fwaccel on
fwaccel stat
fw ctl multik stat
fw ctl affinity -l -a -v
fwaccel conns | grep 216.231.83.228 | more
fw tab -t connections -s