Firewall Wizards mailing list archives
RE: tcpdump installation on unix firewall?
From: jan.schultheiss () ubs com
Date: Mon, 30 Aug 1999 08:43:21 +0200
Hi Andreas
> Hi fw-wizards
>
> Do you consider it an utterly bad idea to install a packet sniffer on a firewall (HP box running FW-1)? Why would I want to do this? Perhaps you know this already: If sth. is not working it's either the firewall or the network.

You mentioned the reason yourself. To check whether something is going through the firewall or if there is something unusual going on. Usually the firewall gets blamed for every client/server application which is not working, so you definitely need to prove that the firewall is not the cause of the malfunction.

> I need a tool to prove what's going on... Badly performing server, find out what normal traffic is for an application (data volume, traffic profile for one request....) and more of this kind. Is there anybody out there... doing this?

tcpdump or snoop usually requires root privileges. Once somebody has got access to your firewall and has managed to become root, you have actually already lost the game.

> Does it interfere with the FW-1 software?

It does not with Solaris. However, be sure to check in which order the software operates. On a Solaris box you see the packets with the snoop command although the firewall-1 software will not let them through. Once you see the packets with snoop you need to check the firewall logs to see whether the firewall has passed the packets or not.

Best regards
Jan
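Added example, not part of the message above and not FW-1 tooling: a small correlator for the point that a packet seen by the sniffer has not necessarily been passed by the firewall. The capture lines follow tcpdump `-n -tt` style text output; the firewall log layout (`epoch,action,src,sport,dst,dport`) is a constructed stand-in, and all addresses and timestamps are constructed sample data.

```python
import re

# Constructed sample data. The log layout is an assumed, simplified format,
# not the export format of FW-1 or any other product.
CAPTURE = """\
935995401.10 IP 10.1.1.5.40000 > 192.168.10.20.80: Flags [S], length 0
935995402.30 IP 10.1.1.5.40001 > 192.168.10.20.1521: Flags [S], length 0
935995403.75 IP 10.1.1.9.40002 > 192.168.10.20.80: Flags [S], length 0
"""
FW_LOG = """\
935995401,accept,10.1.1.5,40000,192.168.10.20,80
935995402,drop,10.1.1.5,40001,192.168.10.20,1521
"""

# Match only initial SYNs ("[S]"), i.e. connection attempts seen on the wire.
PKT = re.compile(r"^(\d+(?:\.\d+)?) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[S\]")

def parse_capture(text):
    """Yield (timestamp, (src, sport, dst, dport)) for each captured SYN."""
    for line in text.splitlines():
        m = PKT.match(line)
        if m:
            ts, src, sport, dst, dport = m.groups()
            yield float(ts), (src, int(sport), dst, int(dport))

def parse_log(text):
    """Return [(timestamp, action, flow)] from the assumed CSV log layout."""
    entries = []
    for line in text.splitlines():
        ts, action, src, sport, dst, dport = line.split(",")
        entries.append((float(ts), action, (src, int(sport), dst, int(dport))))
    return entries

def correlate(capture, log, window=2.0):
    """Label each captured SYN with the firewall's logged decision, if any."""
    log_entries = parse_log(log)
    results = []
    for ts, flow in parse_capture(capture):
        verdict = "no-log-entry"  # seen on the wire, but no decision logged
        for lts, action, lflow in log_entries:
            if lflow == flow and abs(lts - ts) <= window:
                verdict = action
                break
        results.append((flow, verdict))
    return results

if __name__ == "__main__":
    for flow, verdict in correlate(CAPTURE, FW_LOG):
        print(flow, verdict)
```

A `no-log-entry` result means only that the capture and the log disagree; whether a rule logs at all depends on the rule base, so that case needs a look at the rule that matched.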