{"id":1828,"date":"2013-09-26T14:54:58","date_gmt":"2013-09-26T13:54:58","guid":{"rendered":"http:\/\/mccltd.net\/blog\/?p=1828"},"modified":"2013-12-17T09:30:51","modified_gmt":"2013-12-17T09:30:51","slug":"running-snoop-on-netscreen-firewall","status":"publish","type":"post","link":"http:\/\/darenmatthews.com\/blog\/?p=1828","title":{"rendered":"Running Snoop on Netscreen Firewall"},"content":{"rendered":"<p>An aide-memoire:<\/p>\n<p>ScreenOS-&gt; undebug all<br \/>\nScreenOS-&gt; clear db<!--more--><br \/>\nScreenOS-&gt; snoop info<br \/>\nSnoop: OFF<br \/>\nFilters Defined: 0, Active Filters 0<br \/>\nDetail: OFF, Detail Display length: 96<br \/>\nSnoop tunnel traffic: ON<br \/>\nScreenOS-&gt; snoop filter ip src-ip 129.0.52.74<br \/>\nsnoop filter added<br \/>\nScreenOS-&gt; snoop info<br \/>\nSnoop: OFF<br \/>\nFilters Defined: 1, Active Filters 1<br \/>\nDetail: OFF, Detail Display length: 96<br \/>\nSnoop tunnel traffic: ON<br \/>\nSnoop filter based on:<br \/>\nid 1(on): IP src-ip 129.0.52.74 dir(B)<br \/>\nScreenOS-&gt; snoop detail len 1514<br \/>\nScreenOS-&gt; snoop info<br \/>\nSnoop: OFF<br \/>\nFilters Defined: 1, Active Filters 1<br \/>\nDetail: OFF, Detail Display length: 1514<br \/>\nSnoop tunnel traffic: ON<br \/>\nSnoop filter based on:<br \/>\nid 1(on): IP src-ip 129.0.52.74 dir(B)<br \/>\nScreenOS-&gt; snoop<br \/>\nStart Snoop, type ESC or &#8216;snoop off&#8217; to stop, continue? 
[y]\/n y<br \/>\nScreenOS-&gt;<br \/>\nScreenOS-&gt; snoop off<br \/>\nSnoop off<br \/>\nScreenOS-&gt; get db st<br \/>\n4488957.0: ethernet3\/4(i) len=54:006440352fc8-&gt;0010dbff2200\/0800<br \/>\n129.0.52.74 -&gt; 172.23.64.94\/6<br \/>\nvhl=45, tos=00, id=29961, frag=4000, ttl=126 tlen=40<br \/>\ntcp:ports 44183-&gt;22, seq=1443227022, ack=1957543016, flag=5010\/ACK<\/p>\n<p>4488962.0: ethernet3\/4(i) len=134:006440352fc8-&gt;0010dbff2200\/0800<br \/>\n129.0.52.74 -&gt; 172.23.64.94\/6<br \/>\nvhl=45, tos=00, id=29975, frag=4000, ttl=126 tlen=120<br \/>\ntcp:ports 44183-&gt;22, seq=1443227022, ack=1957543016, flag=5018\/ACK<\/p>\n<p>4488962.0: ethernet3\/4(i) len=54:006440352fc8-&gt;0010dbff2200\/0800<br \/>\n129.0.52.74 -&gt; 172.23.64.94\/6<br \/>\nvhl=45, tos=00, id=29976, frag=4000, ttl=126 tlen=40<br \/>\ntcp:ports 44183-&gt;22, seq=1443227102, ack=1957543084, flag=5010\/ACK<\/p>\n<p>4488968.0: ethernet3\/4(i) len=134:006440352fc8-&gt;0010dbff2200\/0800<br \/>\n129.0.52.74 -&gt; 172.23.64.94\/6<br \/>\nvhl=45, tos=00, id=30273, frag=4000, ttl=126 tlen=120<br \/>\ntcp:ports 44183-&gt;22, seq=1443227102, ack=1957543084, flag=5018\/ACK<\/p>\n<p>4488968.0: ethernet3\/4(i) len=134:006440352fc8-&gt;0010dbff2200\/0800<br \/>\n129.0.52.74 -&gt; 172.23.64.94\/6<br \/>\nScreenOS-&gt;<br \/>\nScreenOS-&gt;<\/p>\n<p>&nbsp;<\/p>\n<p>The snoop options available for your release are viewable via the CLI command:<\/p>\n<p><code>\u00a0\u00a0 snoop ?<\/code><\/p>\n<p>This will produce a list similar to the following:<\/p>\n<table width=\"95%\" border=\"1\" cellspacing=\"0\" cellpadding=\"1\">\n<tbody>\n<tr>\n<td valign=\"top\"><strong>Parameter<\/strong><\/td>\n<td valign=\"top\"><strong>Description<\/strong><\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><code>snoop<\/code><\/td>\n<td valign=\"top\">Starts the snoop capture<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><code>snoop\u00a0?<\/code><\/td>\n<td valign=\"top\">Provides a list of top level 
options:<\/p>\n<p><code>detail\u00a0\u00a0 snoop detail configuration<\/p>\n<p>filter\u00a0\u00a0 snoop filter configuration<br \/>\ninfo\u00a0\u00a0\u00a0\u00a0 show snoop information<br \/>\noff\u00a0\u00a0\u00a0\u00a0\u00a0 turn off snoop<br \/>\n<\/code><\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><code>snoop\u00a0detail\u00a0?<\/code><\/td>\n<td valign=\"top\">To set the packet length to display, use the len option<\/p>\n<p><code>len\u00a0\u00a0\u00a0\u00a0\u00a0 snoop detail length<br \/>\noff\u00a0\u00a0\u00a0\u00a0\u00a0 turn off snoop detail<\/p>\n<p>&lt;number&gt; packet length to display (range: 1 - 1514) <\/code><\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><code>snoop\u00a0filter\u00a0? <\/code><\/td>\n<td valign=\"top\">Filter options allow the setting of the IP source, destination, and\/or port; setting the filter direction, interface, etc.<\/p>\n<p><code>cisco-hdlc\u00a0\u00a0 snoop cisco hdlc protocol packet<br \/>\ndelete\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 delete snoop filter<br \/>\nethernet\u00a0\u00a0\u00a0\u00a0 snoop specified ethernet<br \/>\nframe-relay\u00a0 snoop frame relay protocol and multilink fragment packet<br \/>\nid\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 snoop filter id<br \/>\nip\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 snoop ip packet<br \/>\noff\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 turn off snoop filter<br \/>\non\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 turn on snoop filter<br \/>\nppp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 snoop ppp protocol and multilink fragment packet<br \/>\ntcp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 snoop tcp packet<br \/>\nudp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 snoop udp packet<br \/>\n<\/code><\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><code>snoop\u00a0filter\u00a0ip\u00a0?<\/code><\/td>\n<td valign=\"top\">IP Filter options:<\/p>\n<p><code> direction\u00a0\u00a0\u00a0\u00a0\u00a0 snoop 
direction<br \/>\ndst-ip\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 snoop filter dst ip<br \/>\ndst-port\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 snoop filter dst port<br \/>\ninterface\u00a0\u00a0\u00a0\u00a0\u00a0 interface name<br \/>\nip-proto\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 snoop filter ip proto<br \/>\nport\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 src or dst port<br \/>\nsrc-ip\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 snoop filter src ip<br \/>\nsrc-port\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 snoop filter src port<br \/>\n&lt;IPv4 Address&gt; IPv4 Address<br \/>\noffset\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ip offset<br \/>\n<\/code><\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><code>snoop\u00a0filter\u00a0ethernet\u00a0?<\/code><\/td>\n<td valign=\"top\">Ethernet Filter options:<\/p>\n<p><code> arp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 snoop arp packet<br \/>\ndirection\u00a0\u00a0\u00a0\u00a0\u00a0 snoop direction<br \/>\ninterface\u00a0\u00a0\u00a0\u00a0\u00a0 interface name<br \/>\nnsrp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 snoop nsrp packet<br \/>\nvlan\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 snoop vlan packet<br \/>\n&lt;number &gt;\u00a0\u00a0\u00a0 \u00a0 snoop specified ethernet type<br \/>\nexcept\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 snoop all but the specified ethernet type<br \/>\noffset\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ethernet offset<\/code><\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><code>snoop\u00a0info<\/code><\/td>\n<td valign=\"top\">Provides details about the snoop settings that have been configured.<\/p>\n<p><code> Snoop: OFF<br \/>\nFilters Defined: 0, Active Filters 0<br \/>\nDetail: OFF, Detail Display length: 96<br \/>\n<\/code><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An aide-memoire: ScreenOS-&gt; undebug all ScreenOS-&gt; clear 
db<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[63,84,13],"tags":[4,37],"_links":{"self":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1828"}],"collection":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1828"}],"version-history":[{"count":4,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1828\/revisions"}],"predecessor-version":[{"id":1937,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1828\/revisions\/1937"}],"wp:attachment":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1828"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}