Capturing packets
Step 1 - Log into the sfr module via ssh
Step 2 - Execute the command:
system support capture-traffic
Step 3 - Choose option 2 to capture data from Single Context
Please choose domain to capture traffic from:
0 - eth0
1 - cplane
2 - Single Context
Selection? 2
Step 4 - Specify your options on what to capture
Please specify tcpdump options desired.
(or enter '?' for a list of supported options)
Options: -n host (ip address of 1st host) and host (ip address of 2nd host)
The capture option above captures all traffic between the two specified hosts.
Resetting snort
Log in to the sfr module using the admin credentials.
Enter the root shell by entering expert mode:
expert
Enter your admin credentials
Elevate to root permissions
sudo su -
Enter your admin credentials
pmtool restartbyid SFDataCorrelator
pmtool restartbytype snort
Finding the pid of a service.
pidof snort
Display logging information for traffic traversing the sfr
> system support firewall-engine-debug