enable packet tracing capabilities for packet sniffing and network fault isolation, use the packet-tracer command. To disable packet capture capabilities, use the no form of this command.
packet-tracer input [src_int] protocol src_addr src_port dest_addr dest_port [detailed] [xml]
no packet-tracer
In addition to capturing packets, it is possible to trace the lifespan of a packet through the security appliance to see if it is behaving as expected. The packet-tracer command lets you do the following:
Examples
To enable packet tracing from inside host 10.2.25.3 to external host 209.165.202.158 with detailed information, enter the following:
hostname# packet-tracer input inside tcp 10.2.25.3 www 209.165.202.158 aol detailed
packet-tracer input [src_int] protocol src_addr src_port dest_addr dest_port [detailed] [xml]
no packet-tracer
In addition to capturing packets, it is possible to trace the lifespan of a packet through the security appliance to see if it is behaving as expected. The packet-tracer command lets you do the following:
- Debug all packet drops in production network.
- Verify the configuration is working as intended.
- Show all rules applicable to a packet along with the CLI lines which caused the rule addition.
- Show a time line of packet changes in a data path.
- Inject tracer packets into the data path.
Examples
To enable packet tracing from inside host 10.2.25.3 to external host 209.165.202.158 with detailed information, enter the following:
hostname# packet-tracer input inside tcp 10.2.25.3 www 209.165.202.158 aol detailed
No comments:
Post a Comment