2.5. The pcapdump Command
A valuable diagnostic tool is the ability to examine the packets that enter and leave the interfaces of
a NetDefend Firewall. For this purpose, NetDefendOS provides the CLI command pcapdump which
not only allows the examination of packet streams entering and leaving interfaces but also allows
the filtering of these streams according to specified criteria.
The packets that are filtered out by pcapdump can then be saved in a file of type .cap which is the
defacto libpcap library file format standard for packet capture.
The complete syntax of the pcapdump command is described in the CLI Reference Guide.
A Simple Example
An example of pcapdump usage is the following sequence:
gw-world:/> pcapdump -start int -size 1024
gw-world:/> pcapdump -stop int
gw-world:/> pcapdump -show
gw-world:/> pcapdump -write int -filename=cap_int.cap
gw-world:/> pcapdump -cleanup
Going through this line by line we have:
1. Recording is started for the int interface using a buffer size of 1024 Kbytes.
gw-world:/> pcapdump -size 1024 -start int
2. The recording is stopped for the int interface.
gw-world:/> pcapdump -stop int
3. The dump output is displayed on the console in a summarized form.
gw-world:/> pcapdump -show
4. The same information is written in its complete form to a file called cap_int.cap.
gw-world:/> pcapdump -write int -filename=cap_int.cap
At this point, the file cap_int.cap should be downloaded to the management workstation for
analysis.
5. A final cleanup is performed and all memory taken is released.
gw-world:/> pcapdump -cleanup
Re-using Capture Files
Since the only way to delete files from the NetDefend Firewall is through the serial console, the
recommendation is to always use the same filename when using the pcapdump -write option. Each
new write operation will then overwrite the old file.
Running on Multiple Interfaces
2.5. The pcapdump Command
Chapter 2. Management and Maintenance
81
Summary of Contents for NetDefend DFL-1660
Page 28: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 28 ...
Page 88: ...2 6 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 88 ...
Page 166: ...3 10 DNS Chapter 3 Fundamentals 166 ...
Page 254: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 254 ...
Page 268: ...5 4 IP Pools Chapter 5 DHCP Services 268 ...
Page 368: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 368 ...
Page 390: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 390 ...
Page 414: ...8 3 Customizing Authentication HTML Pages Chapter 8 User Authentication 414 ...
Page 490: ...9 8 6 Specific Symptoms Chapter 9 VPN 490 ...
Page 528: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 528 ...
Page 544: ...11 7 HA Advanced Settings Chapter 11 High Availability 544 ...
Page 551: ...12 3 5 Limitations Chapter 12 ZoneDefense 551 ...
Page 574: ...Default 512 13 9 Miscellaneous Settings Chapter 13 Advanced Settings 574 ...
Page 575: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 575 ...