Capture and Monitor Traffic on Check Point

# fw accel off (turn off SecureXL so that accelerated traffic is visible to the captures below)

# tcpdump -nei eth1-08 port 22 or 23 -w /var/log/FTP_tcpd_ethx.pcap
# tcpdump -nei Mgmt port 22 or 23 -w /var/log/FTP_tcpd_ethy.pcap

# fw monitor -p all -e 'accept host(10.50.x.);'

# fw monitor -e "accept src=10.200.7.30 and dst=172.24.32.101;"
# fw monitor -e "accept dst=10.200.7.30 and src=172.24.32.101;"

# fw monitor -p all -e 'accept host(10.50.x.);' -o /var/log/FTP_fwmon_.pcap
# fw ctl zdebug drop > /var/log/FTP_fwdrop.dbg

# fw monitor -e "accept port(22) or port(23);" -o /var/log/FTP_fwmon_.pcap
# fw ctl zdebug drop > /var/log/FTP_fwdrop.dbg

# fw monitor -p all -e 'accept host(193.112.66.10);' -o /var/log/Mon_internal1.pcap
# fw ctl zdebug drop | grep 193.112.66.10 > /var/log/Mon_fwdrop1.dbg

# fw monitor -p all -e 'accept host(52.3.211.188);' -o /var/log/Mon_external.pcap
# fw ctl zdebug drop | grep 52.3.211.188 > /var/log/Mon_fwdrop2.dbg

# fw accel on (turn SecureXL back on once the captures are finished)
