Firewall Wizards mailing list archives
Re: tcpdump installation on unix firewall?
From: Woody Weaver <woody () wiltelnsi com>
Date: Thu, 02 Sep 1999 09:43:24 -0700
At 09:16 AM 8/31/99 -0500, Lance Spitzner wrote:
On Fri, 27 Aug 1999, Robert Graham wrote:

First, I am a big fan of using sniffers on the actual firewall for troubleshooting purposes. I personally believe the benefits for troubleshooting far outweigh the risks. With FW-1, sniffers capture the packets BEFORE the FW-1 filter inspects the packets, regardless of whether it drops/rejects/accepts, etc. This way you can compare what packets are actually going through the box to what the FW sees in its logs. This has proven invaluable to me in numerous troubleshooting scenarios.
Just as important, the sniffer sees the packet dropped on the wire *after* fwd is done with it. This helps to identify misrouted packets, packets dropped that aren't logged, etc. "snoop -d <interface>" (running in its own xwindow titled <interface>) is of invaluable help in setting up the firewall for the first time.

--woody
Lance Spitzner http://www.enteract.com/~lspitz/papers.html
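As an added illustration that is not part of the thread: a small Python script doing the comparison Lance and Woody describe, diffing what a sniffer saw on the wire against what the firewall logged. Both inputs are constructed samples; the wire lines follow tcpdump's default text output, while the log lines use a hypothetical key=value layout (not the real FW-1 log format) that you would adapt to your product.

```python
import re

# Constructed sample sniffer output (tcpdump-style text), not from the post.
WIRE = """\
09:43:24.101 IP 10.1.2.3.45678 > 192.0.2.10.80: Flags [S], seq 1, win 8192
09:43:24.202 IP 10.1.2.4.51000 > 192.0.2.10.22: Flags [S], seq 1, win 8192
09:43:24.303 IP 10.1.2.5.60000 > 192.0.2.11.25: Flags [S], seq 1, win 8192
09:43:25.404 IP 10.1.2.3.45678 > 192.0.2.10.80: Flags [.], ack 1, win 8192
"""

# Constructed sample firewall log in a hypothetical key=value layout.
# This is NOT the real FW-1 log format; change LOG_RE for your firewall.
FWLOG = """\
09:43:24 action=accept src=10.1.2.3 dst=192.0.2.10 proto=tcp dport=80
09:43:24 action=drop src=10.1.2.4 dst=192.0.2.10 proto=tcp dport=22
"""

# Only initial SYNs count as connection attempts; data/ack packets are ignored.
WIRE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[S\]")
LOG_RE = re.compile(r"action=(\w+) src=(\S+) dst=(\S+) proto=tcp dport=(\d+)")


def wire_flows(text):
    """Set of (src, dst, dport) TCP connection attempts seen on the wire."""
    flows = set()
    for line in text.splitlines():
        m = WIRE_RE.search(line)
        if m:
            src, _sport, dst, dport = m.groups()
            flows.add((src, dst, int(dport)))
    return flows


def logged_flows(text):
    """Map (src, dst, dport) -> action for every flow the firewall logged."""
    logged = {}
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            action, src, dst, dport = m.groups()
            logged[(src, dst, int(dport))] = action
    return logged


def unlogged(wire, log):
    """Flows that crossed the wire but never show up in the firewall log:
    the silently dropped or misrouted traffic the thread is about."""
    return sorted(wire_flows(wire) - set(logged_flows(log)))


if __name__ == "__main__":
    for src, dst, dport in unlogged(WIRE, FWLOG):
        print(f"on wire, not in log: {src} -> {dst}:{dport}")
```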