
Running Snoop on Netscreen Firewall

September 26th, 2013

An aide-mémoire:

ScreenOS-> undebug all
ScreenOS-> clear db
ScreenOS-> snoop info
Snoop: OFF
Filters Defined: 0, Active Filters 0
Detail: OFF, Detail Display length: 96
Snoop tunnel traffic: ON
ScreenOS-> snoop filter ip src-ip 129.0.52.74
snoop filter added
ScreenOS-> snoop info
Snoop: OFF
Filters Defined: 1, Active Filters 1
Detail: OFF, Detail Display length: 96
Snoop tunnel traffic: ON
Snoop filter based on:
id 1(on): IP src-ip 129.0.52.74 dir(B)
ScreenOS-> snoop detail len 1514
ScreenOS-> snoop info
Snoop: OFF
Filters Defined: 1, Active Filters 1
Detail: OFF, Detail Display length: 1514
Snoop tunnel traffic: ON
Snoop filter based on:
id 1(on): IP src-ip 129.0.52.74 dir(B)
ScreenOS-> snoop
Start Snoop, type ESC or 'snoop off' to stop, continue? [y]/n y
ScreenOS->
ScreenOS-> snoop off
Snoop off
ScreenOS-> get db st
4488957.0: ethernet3/4(i) len=54:006440352fc8->0010dbff2200/0800
129.0.52.74 -> 172.23.64.94/6
vhl=45, tos=00, id=29961, frag=4000, ttl=126 tlen=40
tcp:ports 44183->22, seq=1443227022, ack=1957543016, flag=5010/ACK

4488962.0: ethernet3/4(i) len=134:006440352fc8->0010dbff2200/0800
129.0.52.74 -> 172.23.64.94/6
vhl=45, tos=00, id=29975, frag=4000, ttl=126 tlen=120
tcp:ports 44183->22, seq=1443227022, ack=1957543016, flag=5018/ACK

4488962.0: ethernet3/4(i) len=54:006440352fc8->0010dbff2200/0800
129.0.52.74 -> 172.23.64.94/6
vhl=45, tos=00, id=29976, frag=4000, ttl=126 tlen=40
tcp:ports 44183->22, seq=1443227102, ack=1957543084, flag=5010/ACK

4488968.0: ethernet3/4(i) len=134:006440352fc8->0010dbff2200/0800
129.0.52.74 -> 172.23.64.94/6
vhl=45, tos=00, id=30273, frag=4000, ttl=126 tlen=120
tcp:ports 44183->22, seq=1443227102, ack=1957543084, flag=5018/ACK

4488968.0: ethernet3/4(i) len=134:006440352fc8->0010dbff2200/0800
129.0.52.74 -> 172.23.64.94/6
ScreenOS->
ScreenOS->
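The `get db st` output above is only useful once it leaves the terminal, and ScreenOS prints it as four-line text blocks rather than a pcap. The parser below is an added example (not from the original post, and not Juniper's code) that turns those blocks into records, decodes the `flag=` word into TCP flag names, derives the TCP payload size from the IP and TCP header lengths, and checks that the Ethernet `len=` agrees with the IP `tlen=`. The regexes are my reading of the format shown above, the field names are my own, and I take `(i)` after the interface name to mean ingress; the sample input is the capture above, including its cut-off last block.

```python
"""Parse ScreenOS 'get db st' snoop output into structured packet records.

Added example, not from the original post or from Juniper: the regexes encode
my reading of the four-line packet summaries shown above; field names are mine.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

TCP_FLAG_BITS = [(0x20, "URG"), (0x10, "ACK"), (0x08, "PSH"),  # low byte of the TCP
                 (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]  # offset/flags word
# "4488957.0: ethernet3/4(i) len=54:006440352fc8->0010dbff2200/0800"
HEADER_RE = re.compile(r"^(?P<ts>[\d.]+):\s+(?P<ifname>\S+?)\((?P<dir>[io])\)\s+len=(?P<len>\d+):"
                       r"[0-9a-f]{12}->[0-9a-f]{12}/(?P<etype>[0-9a-f]{4})$", re.I)
# "129.0.52.74 -> 172.23.64.94/6"
IP_RE = re.compile(r"^(?P<src>[\d.]+)\s*->\s*(?P<dst>[\d.]+)/(?P<proto>\d+)$")
# "vhl=45, tos=00, id=29961, frag=4000, ttl=126 tlen=40"
IPHDR_RE = re.compile(r"^vhl=(?P<vhl>[0-9a-f]{2}), tos=[0-9a-f]{2}, id=\d+, frag=(?P<frag>[0-9a-f]{4}), "
                      r"ttl=\d+ tlen=(?P<tlen>\d+)$", re.I)
# "tcp:ports 44183->22, seq=1443227022, ack=1957543016, flag=5010/ACK"
TCP_RE = re.compile(r"^tcp:ports (?P<sport>\d+)->(?P<dport>\d+), seq=\d+, ack=\d+, "
                    r"flag=(?P<flag>[0-9a-f]{4})(?:/\S+)?$", re.I)

@dataclass
class SnoopPacket:
    ts: float
    ifname: str
    direction: str     # "i"/"o" as printed; I take (i) to mean ingress (assumption)
    frame_len: int     # Ethernet frame length (len=)
    ethertype: int
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    ip_proto: Optional[int] = None
    ip_len: Optional[int] = None    # IP total length (tlen=)
    ihl: Optional[int] = None       # IP header length in bytes, from vhl=
    dont_fragment: Optional[bool] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    tcp_hlen: Optional[int] = None  # TCP header length in bytes, from the flag word
    tcp_flags: List[str] = field(default_factory=list)
    complete: bool = False          # stays False for a block cut off mid-way, as above

def decode_tcp_flags(word: int) -> List[str]:
    """Flag names set in a TCP offset/flags word, e.g. 0x5018 -> ['ACK', 'PSH']."""
    return [name for bit, name in TCP_FLAG_BITS if word & bit]

def parse_snoop(text: str) -> List[SnoopPacket]:
    """Turn pasted 'get db st' output into records; a blank line or prompt closes a block."""
    packets: List[SnoopPacket] = []
    cur: Optional[SnoopPacket] = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            cur = SnoopPacket(float(m["ts"]), m["ifname"], m["dir"], int(m["len"]), int(m["etype"], 16))
            packets.append(cur)
        elif cur is None:
            continue                                  # prompts before the first packet
        elif m := IP_RE.match(line):
            cur.src_ip, cur.dst_ip, cur.ip_proto = m["src"], m["dst"], int(m["proto"])
        elif m := IPHDR_RE.match(line):
            cur.ip_len = int(m["tlen"])
            cur.ihl = (int(m["vhl"], 16) & 0x0F) * 4
            cur.dont_fragment = bool(int(m["frag"], 16) & 0x4000)   # DF bit
            cur.complete = cur.ip_proto != 6          # TCP blocks still need a 4th line
        elif m := TCP_RE.match(line):
            word = int(m["flag"], 16)
            cur.sport, cur.dport = int(m["sport"]), int(m["dport"])
            cur.tcp_hlen = (word >> 12) * 4           # data offset is the top nibble
            cur.tcp_flags = decode_tcp_flags(word & 0xFF)
            cur.complete = True
        else:
            cur = None                                # blank line or ScreenOS-> prompt
    return packets

def frame_length_consistent(p: SnoopPacket) -> Optional[bool]:
    """Ethernet len= should equal the IP total length plus the 14-byte Ethernet header."""
    if p.ethertype != 0x0800 or p.ip_len is None:
        return None
    return p.frame_len == p.ip_len + 14

def tcp_payload_len(p: SnoopPacket) -> Optional[int]:
    """TCP payload bytes: IP total length minus IP and TCP header lengths."""
    if p.ip_proto != 6 or not p.complete:
        return None
    return p.ip_len - p.ihl - p.tcp_hlen

# Two full blocks and the truncated third one, taken from the capture above.
SAMPLE = """\
4488957.0: ethernet3/4(i) len=54:006440352fc8->0010dbff2200/0800
129.0.52.74 -> 172.23.64.94/6
vhl=45, tos=00, id=29961, frag=4000, ttl=126 tlen=40
tcp:ports 44183->22, seq=1443227022, ack=1957543016, flag=5010/ACK

4488962.0: ethernet3/4(i) len=134:006440352fc8->0010dbff2200/0800
129.0.52.74 -> 172.23.64.94/6
vhl=45, tos=00, id=29975, frag=4000, ttl=126 tlen=120
tcp:ports 44183->22, seq=1443227022, ack=1957543016, flag=5018/ACK

4488968.0: ethernet3/4(i) len=134:006440352fc8->0010dbff2200/0800
ScreenOS->
"""
```

Run `parse_snoop(SAMPLE)` and the second packet comes back as `ACK, PSH` with an 80-byte payload, which is exactly how far the sequence number advances between that packet and the next one in the capture above (1443227022 to 1443227102). The cut-off last block keeps `complete=False` rather than being dropped or guessed at, so a consumer can tell a truncated `get db st` buffer apart from a real short packet.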


The snoop options available for your release can be listed with the CLI command:

   snoop ?

This will produce a list similar to the following:

snoop
    Starts the snoop capture.

snoop ?
    Provides a list of top-level options:
        detail   snoop detail configuration
        filter   snoop filter configuration
        info     show snoop information
        off      turn off snoop

snoop detail ?
    To set the packet length to display, use the len option:
        len      snoop detail length
        off      turn off snoop detail

        <number> packet length to display (range: 1 - 1514)

snoop filter ?
    Filter options allow the setting of the IP source, destination, and/or port; setting the filter direction, interface, etc.:
        cisco-hdlc   snoop cisco hdlc protocol packet
        delete       delete snoop filter
        ethernet     snoop specified ethernet
        frame-relay  snoop frame relay protocol and multilink fragment packet
        id           snoop filter id
        ip           snoop ip packet
        off          turn off snoop filter
        on           turn on snoop filter
        ppp          snoop ppp protocol and multilink fragment packet
        tcp          snoop tcp packet
        udp          snoop udp packet

snoop filter ip ?
    IP filter options:
        direction      snoop direction
        dst-ip         snoop filter dst ip
        dst-port       snoop filter dst port
        interface      interface name
        ip-proto       snoop filter ip proto
        port           src or dst port
        src-ip         snoop filter src ip
        src-port       snoop filter src port
        <IPv4 Address> IPv4 Address
        offset         ip offset

snoop filter ethernet ?
    Ethernet filter options:
        arp            snoop arp packet
        direction      snoop direction
        interface      interface name
        nsrp           snoop nsrp packet
        vlan           snoop vlan packet
        <number>       snoop specified ethernet type
        except         snoop all but the specified ethernet type
        offset         ethernet offset

snoop info
    Provides details about the snoop settings that have been configured:
        Snoop: OFF
        Filters Defined: 0, Active Filters 0
        Detail: OFF, Detail Display length: 96
