Important Links

Farzand AliLeave a comment

CCNA/CCNP/CCIE Security
CCNA/CCNP/CCIE RnS
ACE/PCNSE
CCSA/CCSE
Juniper SRX
Meraki
VmWare
Linux+/LPIC1
CPSA
Network+/Security+
ITIL
MCSA

Useful Tools

Security Advisories:
Palo Alto: https://securityadvisories.paloaltonetworks.com
Checkpoint: https://www.checkpoint.com/advisories/
Cisco: https://tools.cisco.com/security/center/publicationListing.x
Meraki: https://meraki.cisco.com/blog/cisco-meraki-customer-advisories/

Advertisements

Capture and Monitor traffic Checkpoint

Farzand AliLeave a comment

# fw accel off (Turn Off secureXL)

# tcpdump -nei eth1-08 port 22 or 23 -w /var/log/FTP_tcpd_ethx.pcap
# tcpdump -nei Mgmt port 22 or 23 -w /var/log/FTP_tcpd_ethy.pcap

# fw monitor -p all -e ‘accept host(10.50.x.);’

# fw monitor -e “accept src=10.200.7.30 and dst=172.24.32.101;”
# fw monitor -e “accept dst=10.200.7.30 and src=172.24.32.101;”

# fw monitor -p all -e ‘accept host(10.50.x.);’ -o /var/log/FTP_fwmon_.pcap
# fw ctl zdebug drop > /var/log/FTP_fwdrop.dbg

# fw monitor -e “accept port(22) or port(23);” -o /var/log/FTP_fwmon_.pcap
# fw ctl zdebug drop > /var/log/FTP_fwdrop.dbg

# fw monitor -p all -e ‘accept host(193.112.66.10);’ -o /var/log/Mon_internal1.pcap
# fw ctl zdebug drop | grep 193.112.66.10 > /var/log/Mon_fwdrop1.dbg

# fw monitor -p all -e ‘accept host(52.3.211.188);’ -o /var/log/Mon_external.pcap
# fw ctl zdebug drop | grep 52.3.211.188 > /var/log/Mon_fwdrop2.dbg

# fw accel on

Debug ip scp

Farzand AliLeave a comment

debug ip scp

To troubleshoot secure copy (SCP) authentication problems, use the debug ip scp command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug ip scp

no debug ip scp

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release Modification
12.2(2)T This command was introduced.
12.0(21)S This command was integrated into Cisco IOS Release 12.0(21)S.
12.2(22)S This command was integrated into Cisco IOS Release 12.2(22)S.
12.2(25)S This command was integrated into Cisco IOS Release 12.2(25)S.
12.2(18)SXD This command was integrated into Cisco IOS Release 12.2(18)SXD.

Examples

The following example is output from the debug ip scp command. In this example, a copy of the file scptest.cfg from a UNIX host running configuration of the router was successful.

Router# debug ip scp
4d06h:SCP:[22 -> 10.11.29.252:1018] send <OK>
4d06h:SCP:[22 <- 10.11.29.252:1018] recv C0644 20 scptest.cfg
4d06h:SCP:[22 -> 10.11.29.252:1018] send <OK>
4d06h:SCP:[22 <- 10.11.29.252:1018] recv 20 bytes
4d06h:SCP:[22 <- 10.11.29.252:1018] recv <OK>
4d06h:SCP:[22 -> 10.11.29.252:1018] send <OK>
4d06h:SCP:[22 <- 10.11.29.252:1018] recv <EOF>

The following example is also output from the debug ip scp command, but in this example, the user has privilege 0 and is therefore denied:

Router# debug ip scp
4d06h:SCP:[22 -> 10.11.29.252:1018] send Privilege denied.

Related Commands

Command Description
ip scp server enable Enables SCP server-side functionality.