The snoop command is the closest you will get to a tcpdump on a Netscreen running ScreenOS. It will display requested info on all traversing interfaces.
clear dbuf - clears the debug output
snoop - enables snoop
snoop filter ip
snoop filter ip 10.10.0.1 port 22 interface Untrust direction both
snoop filter ip src-ip 10.1.2.1 dst-ip 192.168.1.2 src-port 80
snoop detail len 1514 - turns on full packet capture (as opposed to headers)
snoop off - turns off snoop
snoop info - displays the snoop status
get db stream - displays the L2, L3 and L4 headers of each incoming (i) and outgoing (o) packet
get db stream > tftp - sends the output to tftp
Sample output: Here is an example of a packet entering on eth1/2 (i) and exiting on eth1/1 (o). It also shows that the destination address is translated.
11358520.0: ethernet1/2(i) len=98:0006d6b83019->0010dbff2080/0800
10.1.1.1 -> 192.168.1.1/1
vhl=45, tos=00, id=0, frag=4000, ttl=42 tlen=84
icmp:type=8, code=0
11358520.0: ethernet1/1(o) len=98:0010dbff2070->002347b4ce80/0800
10.1.1.1 -> 172.16.1.1/1
vhl=45, tos=00, id=0, f
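When a capture runs to hundreds of records, matching ingress and egress lines by eye gets tedious. The following is an added example, not part of the original post: a small Python parser for saved snoop output that pairs (i) and (o) records and reports address translation. The record layout is inferred from the sample above, the trailing /1 is assumed to be the IP protocol number, and the function names are hypothetical.

```python
import re

# Header: <timestamp>: <interface>(i|o) len=<bytes>:<src mac>-><dst mac>/<ethertype>
HEADER = re.compile(
    r"^(?P<ts>\d+\.\d+): (?P<ifname>\S+)\((?P<dir>[io])\) len=(?P<len>\d+):"
    r"(?P<smac>[0-9a-f]{12})->(?P<dmac>[0-9a-f]{12})/(?P<etype>[0-9a-f]{4})$")
# IP line: <src ip> -> <dst ip>/<n>; n is read here as the IP protocol number
IPLINE = re.compile(r"^(?P<src>[\d.]+) -> (?P<dst>[\d.]+)/(?P<proto>\d+)$")

# Sample output copied from the post, including its truncated last line.
SAMPLE = """\
11358520.0: ethernet1/2(i) len=98:0006d6b83019->0010dbff2080/0800
10.1.1.1 -> 192.168.1.1/1
vhl=45, tos=00, id=0, frag=4000, ttl=42 tlen=84
icmp:type=8, code=0
11358520.0: ethernet1/1(o) len=98:0010dbff2070->002347b4ce80/0800
10.1.1.1 -> 172.16.1.1/1
vhl=45, tos=00, id=0, f
"""

def parse_snoop(text):
    """Return one dict per record; unrecognised or truncated lines are skipped."""
    packets = []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            packets.append(dict(m.groupdict(), len=int(m["len"])))
            continue
        m = IPLINE.match(line)
        if m and packets and "src" not in packets[-1]:
            packets[-1].update(m.groupdict())
    return packets

def find_translations(packets):
    """Pair each egress record with the oldest unmatched ingress record of the
    same length and protocol (a heuristic) and report changed addresses."""
    pending, changes = [], []
    for p in (p for p in packets if "src" in p):
        if p["dir"] == "i":
            pending.append(p)
            continue
        match = next((q for q in pending
                      if (q["len"], q["proto"]) == (p["len"], p["proto"])), None)
        if match is not None:
            pending.remove(match)
            if (match["src"], match["dst"]) != (p["src"], p["dst"]):
                changes.append({"in_if": match["ifname"], "out_if": p["ifname"],
                                "src": (match["src"], p["src"]),
                                "dst": (match["dst"], p["dst"])})
    return changes
```

Calling find_translations(parse_snoop(SAMPLE)) on the sample returns a single entry showing the destination changing from 192.168.1.1 to 172.16.1.1 between ethernet1/2 and ethernet1/1.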
Tuesday, March 9, 2010
Screen OS Snoop