Tuesday, December 10, 2019

TCPDUMP -

Debug


fw ctl zdebug + drop | grep 204.105.57.69
fw ctl zdebug drop > /var/log/drop.txt


TCPDUMP

tcpdump -i eth3 -nn -X -S -c 100 -w packetcap.cap

tcpdump -nr packetcap.cap | awk '{print }' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort | uniq -c | sort -n


tcpdump -i eth0 src 10.25.240.57 and dst 216.231.64.82
tcpdump -i eth1 port 1089 and dst 216.118.184.254
tcpdump -ni eth8 src 172.30.25.132


tcpdump -nnei any -w /var/log/tcp.cap

tcpdump -i any -nn -X -vv -s 1514 -c 1000 -w packetcap.cap

tcpdump -i eth0 -s 0 -vvv -w ./dump.pcap

tcpdump -ni eth0 -s0 -w /var/tmp/asscapture.pcap




FW Monitor

fw monitor | grep 10.210.7.250

fw monitor -e "((src=10.20.59.230 , dst=10.25.240.44) or (src=10.25.240.44 , dst=10.20.59.230)), accept;"

fw monitor -e "accept;" -o connections.cap  (writes the capture to a pcap file; open it with Wireshark)

fw monitor -e "accept (src=10.20.59.230 , dst=10.25.240.44);"

fw monitor -ci 10 | grep 172.30.25.132

fw monitor -o /var/log/fwmon.cap


netstat -nr | grep eth3-02 | awk -F' ' '{print $1,$2,$3}' | sort > test2


Acceleration

fwaccel off/on

fwaccel stat

fw ctl multik stat

fw ctl affinity -l -a -v

fwaccel conns  |grep  216.231.83.228 | more

fw tab -t connections -s