Over three decades of Information Technology experience, specializing in High Performance Networks, Security Architecture, E-Commerce Engineering, Data Center Design, Implementation and Support
Friday, December 28, 2018
fw monitor debugging traffic
If SecureXL is on, turn it off first, otherwise accelerated packets bypass the firewall kernel and fw monitor will not see them:
#fwaccel off // to turn it off
#fwaccel stat // to check status
#fw monitor -e "accept host(srcIP) and host(dstIP);" -o filename.pcap
e.g.:
#fw monitor -e "accept host(17.16.202.89) and host(100.25.219.39) or host(100.25.219.39);" -o captures.pcap
#fwaccel on // to turn SecureXL back on when the capture is finished
Run the tcpdump captures below on both the internal and the external interface, so you can see whether the packet reached the gateway and whether it left it:
tcpdump -t -enni <interface_name> host Src.IP and host dst.IP
tcpdump -t -enni eth2-04 host <Src.IP> and host 208.94.8.8 -w filename1.pcap
fwaccel off
fw monitor -e "accept host(17.16.202.80);" -o filename.pcap
fw ctl zdebug drop | grep 17.16.202.80
fw monitor -e "accept host(17.16.202.80);"
fw monitor -e "accept host(17.16.202.80);" -T // -T adds a date and time stamp to each captured line, as in the output below
[fw_0] 20Dec2018 10:35:28.713159 eth2-04:I[200]: 17.16.202.80 -> 10.13.4.17 (UDP) len=200 id=2656 UDP: 24628 -> 9980 [vs_0]
[fw_0] 20Dec2018 10:35:28.713168 eth2-01:o[200]: 17.16.202.80 -> 10.13.4.17 (UDP) len=200 id=2656 UDP: 24628 -> 9980 [vs_0]
[fw_0] 20Dec2018 10:35:28.713175 eth2-01:O[200]: 17.16.202.80 -> 10.13.4.17 (UDP) len=200 id=2656 UDP: 24628 -> 9980 [vs_0]
[fw_0] 20Dec2018 10:35:28.720730 eth2-01:i[200]: 10.25.220.68 -> 17.16.202.80 (UDP) len=200 id=37057 UDP: 21416 -> 21898 [vs_0]
[fw_0] 20Dec2018 10:35:28.720749 eth2-01:I[200]: 10.25.220.68 -> 17.16.202.80 (UDP) len=200 id=37057 UDP: 21416 -> 21898 [vs_0]
I and i mark the inbound chain (packet entering the gateway on that interface)
O and o mark the outbound chain (packet leaving the gateway on that interface)
Upper case I and O mean the packet was seen after inspection (post-in / post-out)
Lower case i and o mean the packet was seen before inspection (pre-in / pre-out), so a packet that shows up at i but never at I was stopped by the firewall itself; that is where fw ctl zdebug drop tells you why
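The following parser is an added example and is not part of the original post or of any Check Point tool: it reads fw monitor -T output, groups lines by packet (source, destination, IP id) and reports the inspection points each packet reached, flagging packets seen pre-inspection (i or o) but never post-inspection (I or O). The sample input reuses the capture lines above plus one constructed line (id=4242) representing a packet the firewall stopped.

```python
import re
from collections import defaultdict

# One fw monitor line captured with -T (date and time present), e.g.
# [fw_0] 20Dec2018 10:35:28.713159 eth2-04:I[200]: 17.16.202.80 -> 10.13.4.17 (UDP) len=200 id=2656 ...
LINE_RE = re.compile(
    r"^\[(?P<inst>\w+)\]\s+(?P<date>\S+)\s+(?P<time>\S+)\s+"
    r"(?P<iface>[\w.-]+):(?P<point>[iIoO])\[\d+\]:\s+"
    r"(?P<src>[\d.]+)\s+->\s+(?P<dst>[\d.]+)\s+\((?P<proto>\w+)\)\s+len=\d+\s+id=(?P<id>\d+)"
)

POINT_NAME = {"i": "pre-in", "I": "post-in", "o": "pre-out", "O": "post-out"}

# Sample input: first five lines are the capture from the post, the last line is constructed.
SAMPLE = """\
[fw_0] 20Dec2018 10:35:28.713159 eth2-04:I[200]: 17.16.202.80 -> 10.13.4.17 (UDP) len=200 id=2656 UDP: 24628 -> 9980 [vs_0]
[fw_0] 20Dec2018 10:35:28.713168 eth2-01:o[200]: 17.16.202.80 -> 10.13.4.17 (UDP) len=200 id=2656 UDP: 24628 -> 9980 [vs_0]
[fw_0] 20Dec2018 10:35:28.713175 eth2-01:O[200]: 17.16.202.80 -> 10.13.4.17 (UDP) len=200 id=2656 UDP: 24628 -> 9980 [vs_0]
[fw_0] 20Dec2018 10:35:28.720730 eth2-01:i[200]: 10.25.220.68 -> 17.16.202.80 (UDP) len=200 id=37057 UDP: 21416 -> 21898 [vs_0]
[fw_0] 20Dec2018 10:35:28.720749 eth2-01:I[200]: 10.25.220.68 -> 17.16.202.80 (UDP) len=200 id=37057 UDP: 21416 -> 21898 [vs_0]
[fw_0] 20Dec2018 10:35:29.000001 eth2-04:i[60]: 17.16.202.80 -> 10.13.4.17 (TCP) len=60 id=4242 TCP: 51000 -> 23 [vs_0]
""".splitlines()


def parse_line(line):
    """Return the interesting fields of one fw monitor line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def trace_packets(lines):
    """Map (src, dst, ip_id) -> ordered list of 'iface:point' entries the packet was seen at."""
    seen = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            seen[(rec["src"], rec["dst"], rec["id"])].append(rec["iface"] + ":" + rec["point"])
    return dict(seen)


def suspected_drops(lines):
    """Packets seen at i without a later I, or at o without a later O, were stopped
    by the firewall's own inspection; these are the ones to look up with fw ctl zdebug drop."""
    drops = []
    for key, points in trace_packets(lines).items():
        letters = {p.split(":")[1] for p in points}
        if ("i" in letters and "I" not in letters) or ("o" in letters and "O" not in letters):
            drops.append(key)
    return drops


if __name__ == "__main__":
    for key, points in trace_packets(SAMPLE).items():
        print(key, " -> ".join(f"{p} ({POINT_NAME[p[-1]]})" for p in points))
    print("suspected drops:", suspected_drops(SAMPLE))
```

Pipe a saved capture into it with `fw monitor -e "..." -T | python3 trace.py` after replacing SAMPLE with `sys.stdin`, or keep SAMPLE to check the packet above.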