Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
tcpdump or snoop 1
- Thread starter stooo
- Start date
-
1
- #2
Use 'snoop' for packets outside the firewall, and 'debug' for inside.
For instance, 'debug flow drop' will catch all dropped packets (view by 'get db st', clear by 'clear db', turn off by 'undebug all').
You can also set a filter and do 'debug flow basic', actually there's a TON of debugs you can use. Set a filter like:
set ffilter src-ip x.x.x.x dst-ip x.x.x.x
there are a bunch of options, you really need to mess with it to get the hang of it.
Try typing 'snoop ?'
"I would rather have a free bottle in front of me, than a pre-frontal lobotomy..."
-Shrubble
For instance, 'debug flow drop' will catch all dropped packets (view by 'get db st', clear by 'clear db', turn off by 'undebug all').
You can also set a filter and do 'debug flow basic', actually there's a TON of debugs you can use. Set a filter like:
set ffilter src-ip x.x.x.x dst-ip x.x.x.x
there are a bunch of options, you really need to mess with it to get the hang of it.
Try typing 'snoop ?'
"I would rather have a free bottle in front of me, than a pre-frontal lobotomy..."
-Shrubble
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question