

2008-6-2 13:21 879846546
Using snoop, the Juniper firewall command-line troubleshooting tool


A worked example of using snoop follows:

[b]1. First define a filter list so that the firewall analyses only the packets you are interested in, using the snoop filter command:[/b]

ns208-> snoop filter ?

delete delete snoop filter

ethernet snoop specified ethernet

id snoop filter id

ip snoop ip packet

off turn off snoop filter

on turn on snoop filter

tcp snoop tcp packet

udp snoop udp packet

ns208-> snoop filter ip ?

<return>

direction snoop direction

dst-ip snoop filter dst ip

dst-port snoop filter dst port

interface interface name

ip-proto snoop filter ip proto

port src or dst port

src-ip snoop filter src ip

src-port snoop filter src port

<IPv4 Address> IPv4 Address

offset ip offset

ns208-> snoop info

Snoop: OFF

Filters Defined: 2, Active Filters 2

Detail: OFF, Detail Display length: 96

Snoop filter based on:

id 1(on): IP dir(I)

id 2(on): IP dst-ip 172.27.68.1 dir(B)

[b]2. Turn snoop on and start capturing[/b]

ns208-> snoop

Start Snoop, type ESC or 'snoop off' to stop, continue? [y]/n y

[b]3. Send test packets, or let a small amount of traffic cross the firewall[/b]

[b]4. Stop snoop[/b]

ns208-> snoop off

[b]5. Check the firewall's analysis of the forwarded packets that matched the filter (the output below was captured with a different filter than the one defined above):[/b]

ns208-> get db stream

[b]1. The packet comes into the Netscreen from the Trusted side client.[/b]

55864.0: 0(i):005004bb815f->0010db00ab30/0800

10.0.0.36->10.10.10.14/1, tlen=60

vhl=45, id=31489, frag=0000, ttl=32

[b]2. The packet then leaves the Netscreen, on its way to the destination host.[/b]

55864.0: 1(o):0010db00ab31->00104bf3d073/0800

10.10.10.10->10.10.10.14/1, tlen=60

vhl=45, id=31489, frag=0000, ttl=31

[b]3. The packet then returns to the Netscreen from the host.[/b]

55864.0: 1(i):00104bf3d073->0010db00ab31/0800

10.10.10.14->10.10.10.10/1, tlen=60

vhl=45, id=12289, frag=0000, ttl=128

[b]4. Finally, the packet is returned to the client on the trusted side.[/b]

55864.0: 0(o):0010db00ab30->005004bb815f/0800

10.10.10.14->10.0.0.36/1, tlen=60

vhl=45, id=12289, frag=0000, ttl=127
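The four db stream records above trace one ICMP packet through the box. As an added example (not from the post), here is a Python parser for this three-line record format that pairs each ingress copy of a packet with its egress copy by IP id and decremented TTL, and reports the egress interface and any address the firewall rewrote (in the page's own output the source 10.0.0.36 leaves as 10.10.10.10, which is the NAT visible in the trace). The sample records are the page's own, embedded inline; field names are this example's choice.

```python
import re

# The four records from the page's own "get db stream" output (ICMP, protocol 1).
SAMPLE = """\
55864.0: 0(i):005004bb815f->0010db00ab30/0800
10.0.0.36->10.10.10.14/1, tlen=60
vhl=45, id=31489, frag=0000, ttl=32
55864.0: 1(o):0010db00ab31->00104bf3d073/0800
10.10.10.10->10.10.10.14/1, tlen=60
vhl=45, id=31489, frag=0000, ttl=31
55864.0: 1(i):00104bf3d073->0010db00ab31/0800
10.10.10.14->10.10.10.10/1, tlen=60
vhl=45, id=12289, frag=0000, ttl=128
55864.0: 0(o):0010db00ab30->005004bb815f/0800
10.10.10.14->10.0.0.36/1, tlen=60
vhl=45, id=12289, frag=0000, ttl=127
"""

# One record = timestamp/interface/(i)n-(o)ut/MACs/ethertype, then IPs/proto/tlen, then vhl/id/frag/ttl.
RECORD = re.compile(
    r"(?P<ts>[\d.]+): (?P<ifidx>\d+)\((?P<dir>[io])\):"
    r"(?P<smac>[0-9a-f]{12})->(?P<dmac>[0-9a-f]{12})/(?P<etype>[0-9a-f]{4})\n"
    r"(?P<src>[\d.]+)->(?P<dst>[\d.]+)/(?P<proto>\d+), tlen=(?P<tlen>\d+)\n"
    r"vhl=(?P<vhl>[0-9a-f]{2}), id=(?P<ip_id>\d+), frag=(?P<frag>[0-9a-f]{4}), ttl=(?P<ttl>\d+)\n"
)
INT_FIELDS = ("ifidx", "proto", "tlen", "ip_id", "ttl")

def parse_stream(text):
    """Parse db stream records into dicts; blank lines between records (as on the page) are tolerated."""
    body = "\n".join(ln.strip() for ln in text.splitlines() if ln.strip()) + "\n"
    matches = list(RECORD.finditer(body))
    if sum(m.end() - m.start() for m in matches) != len(body):   # every byte must belong to a record
        raise ValueError("stream contains text that is not a db stream record")
    return [{k: int(v) if k in INT_FIELDS else v for k, v in m.groupdict().items()} for m in matches]

def trace(recs):
    """Pair each ingress packet with its egress copy (same IP id, TTL one lower) and report what changed."""
    hops = []
    for a in (r for r in recs if r["dir"] == "i"):
        b = next((r for r in recs if r["dir"] == "o" and r["ip_id"] == a["ip_id"]
                  and r["ttl"] == a["ttl"] - 1), None)
        hops.append({
            "ip_id": a["ip_id"], "in_if": a["ifidx"], "out_if": b["ifidx"] if b else None,  # None: not forwarded
            "src_nat": (a["src"], b["src"]) if b and a["src"] != b["src"] else None,
            "dst_nat": (a["dst"], b["dst"]) if b and a["dst"] != b["dst"] else None,
        })
    return hops
```

An ingress record with no matching egress record (out_if None) is a packet the firewall received but did not forward, which is the case to look at first when a session fails.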

[b]5. Clear the debug output cached on the firewall:[/b]

ns208-> clear db

[b]6. Remove the firewall's snoop filter settings[/b]

ns208-> snoop filter delete

All filters removed
