Tricks to diag what rules or routes or events or action are blocking traffic diag debug flow filter add 10.212.134.200 diag debug flow show console enable diag debug flow show function-name enable diag debug flow trace start 10000 diag debug enable diag debug reset diag debug flow filter clear diag debug flow show function console disable diag debug flow show function-name disable

Continue reading

fw monitor 的特点是他能就进入防火墙前没有进行任何处理的流量以及被处理后但还未进入发送数据队列的流量进行分析。 常用语法: fw monitor -e “accept src=10.10.10.1;” -m iO 显示被允许的源为10.10.10.1的流量,进出口为i和O。 fw monitor -e “drop src=10.10.10.1; dst=10.10.1.2;” 显示丢弃的源为10.10.10.1和目标为10.10.1.2的流量 fw monitor -e “accept (src=10.10.10.1 and dst=192.168.1.1) or (src=10.10.10.2); deport=1415 or sport =1415;” 显示接受的从10.10.10.1到192.168.1.1或来自10.10.10.2的流量,以及使用目标接口1415或源接口1415的流量。

Continue reading

TCPDUMP

IP Header len=5*4=20 bytes, and for each line there’s 16 bytes units started from 0 unit. so the ip data starts from 0035 after 20 bytes header. TCP Header starts after the IP Header in a IP packet, so if the first bytes stand 45 which means IPv4 and 5*4=20 bytes header, then we should count TCP header after first 20 bytes in a IP packet. tcpdump -xX : -x will show ip packet data including link layers in hex; -X will show ip data in hex and ascii; so if you want to show data in hex and ascii, just use X is enough.

Continue reading

Author's picture

LuLU

Love coding and new technologies

Cloud Solution Consultant

Canada