Juniper防火墙命令行查错工具snoop的使用
?????????????? Juniper防火墻命令行查錯工具snoop的使用
摘要:Snoop 是Juniper防火墻另外一個有效的查錯工具,它和debug flow basic的區別是: snoop類似于在防火墻的接口上抓包,可以根據具體接口, 數據包的方向, 協議等等要素進行過濾抓包; debug flow basic則對數據包如何穿越防火墻進行分析,將防火墻的對數據包的處理過程顯示出來.
?
Snoop的使用舉例如下:
1. 先設置過濾列表,使得防火墻只對需要的數據包進行分析. 即snoop filter命令:
ns208-> snoop filter ?
delete delete snoop filter
ethernet snoop specified ethernet
id snoop filter id
ip snoop ip packet
off turn off snoop filter
on turn on snoop filter
tcp snoop tcp packet
udp snoop udp packet
ns208-> snoop filter ip ?
<return>
direction snoop direction
dst-ip snoop filter dst ip
dst-port snoop filter dst port
interface interface name
ip-proto snoop filter ip proto
port src or dst port
src-ip snoop filter src ip
src-port snoop filter src port
<IPv4 Address> IPv4 Address
offset ip offset
ns208-> snoop info
Snoop: OFF
Filters Defined: 2, Active Filters 2
Detail: OFF, Detail Display length: 96
Snoop filter based on:
id 1(on): IP dir(I)
id 2(on): IP dst-ip 172.27.68.1 dir(B)
2. 開啟snoop 進行抓包
ns208-> snoop
Start Snoop, type ESC or 'snoop off' to stop, continue? [y]/n y
3. 發送測試數據包或讓小部分流量穿越防火墻
4. 停止snoop
ns208-> snoop off
5. 檢查防火墻對所轉發的符合過濾條件的數據包的分析結果(非采用上面的filter,而是采用另外的filter):
ns208-> get db stream
1.The packet comes into the Netscreen from the Trusted side client.
55864.0: 0(i):005004bb815f->0010db00ab30/0800
10.0.0.36->10.10.10.14/1, tlen=60
vhl=45, id=31489, frag=0000, ttl=32
2.The packet then leaves the Netscreen, on it’s way to the destination host.
55864.0: 1(o):0010db00ab31->00104bf3d073/0800
10.10.10.10->10.10.10.14/1, tlen=60
vhl=45, id=31489, frag=0000, ttl=31
3.The packet then returns to the Netscreen from the host.
55864.0: 1(i):00104bf3d073->0010db00ab31/0800
10.10.10.14->10.10.10.10/1, tlen=60
vhl=45, id=12289, frag=0000, ttl=128
4. Finally, the packet is returned to the client on the trusted side.
55864.0: 0(o):0010db00ab30->005004bb815f/0800
10.10.10.14->10.0.0.36/1, tlen=60
vhl=45, id=12289, frag=0000, ttl=127
5. 清除防火墻緩存的debug結果:
ns208-> clear db
6. 清除防火墻的snoop過濾設置
ns208-> snoop filter delete
All filters removed
?
轉載于:https://blog.51cto.com/kwsnh/548867
與50位技術專家面對面20年技術見證,附贈技術全景圖總結
以上是生活随笔為你收集整理的Juniper防火墙命令行查错工具snoop的使用的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: Active Contour Model
- 下一篇: lua c语言混合编程入门