Running Snoop on Netscreen Firewall

An aide-memoir:

ScreenOS-> undebug all
ScreenOS-> clear db
ScreenOS-> snoop info
Snoop: OFF
Filters Defined: 0, Active Filters 0
Detail: OFF, Detail Display length: 96
Snoop tunnel traffic: ON
ScreenOS-> snoop filter ip src-ip 129.0.52.74
snoop filter added
ScreenOS-> snoop info
Snoop: OFF
Filters Defined: 1, Active Filters 1
Detail: OFF, Detail Display length: 96
Snoop tunnel traffic: ON
Snoop filter based on:
id 1(on): IP src-ip 129.0.52.74 dir(B)
ScreenOS-> snoop detail len 1514
ScreenOS-> snoop info
Snoop: OFF
Filters Defined: 1, Active Filters 1
Detail: OFF, Detail Display length: 1514
Snoop tunnel traffic: ON
Snoop filter based on:
id 1(on): IP src-ip 129.0.52.74 dir(B)
ScreenOS-> snoop
Start Snoop, type ESC or ‘snoop off’ to stop, continue? [y]/n y
ScreenOS->
ScreenOS-> snoop off
Snoop off
ScreenOS-> get db st
4488957.0: ethernet3/4(i) len=54:006440352fc8->0010dbff2200/0800
129.0.52.74 -> 172.23.64.94/6
vhl=45, tos=00, id=29961, frag=4000, ttl=126 tlen=40
tcp:ports 44183->22, seq=1443227022, ack=1957543016, flag=5010/ACK

4488962.0: ethernet3/4(i) len=134:006440352fc8->0010dbff2200/0800
129.0.52.74 -> 172.23.64.94/6
vhl=45, tos=00, id=29975, frag=4000, ttl=126 tlen=120
tcp:ports 44183->22, seq=1443227022, ack=1957543016, flag=5018/ACK

4488962.0: ethernet3/4(i) len=54:006440352fc8->0010dbff2200/0800
129.0.52.74 -> 172.23.64.94/6
vhl=45, tos=00, id=29976, frag=4000, ttl=126 tlen=40
tcp:ports 44183->22, seq=1443227102, ack=1957543084, flag=5010/ACK

4488968.0: ethernet3/4(i) len=134:006440352fc8->0010dbff2200/0800
129.0.52.74 -> 172.23.64.94/6
vhl=45, tos=00, id=30273, frag=4000, ttl=126 tlen=120
tcp:ports 44183->22, seq=1443227102, ack=1957543084, flag=5018/ACK

4488968.0: ethernet3/4(i) len=134:006440352fc8->0010dbff2200/0800
129.0.52.74 -> 172.23.64.94/6
ScreenOS->
ScreenOS->

 

The snoop options available for your release are viewable via the CLI command :

   snoop ?

This will produce a list similar to the following:

Parameter Description
snoop Starts the snoop capture
snoop ? Provides a list of top level options:detail   snoop detail configuration

filter   snoop filter configuration
info     show snoop information
off      turn off snoop
snoop detail ? To set the packet length to display, use the len optionlen      snoop detail length
off      turn off snoop detail

<number> packet length to display (range: 1 - 1514)
snoop filter ? Filter options allow the setting of the IP source, destination, and/or port; setting the filter direction, interface, etc.cisco-hdlc   snoop cisco hdlc protocol packet
delete       delete snoop filter
ethernet     snoop specified ethernet
frame-relay  snoop frame relay protocol and multilink fragment packet
id           snoop filter id
ip           snoop ip packet
off          turn off snoop filter
on           turn on snoop filter
ppp          snoop ppp protocol and multilink fragment packet
tcp          snoop tcp packet
udp          snoop udp packet
snoop filter ip ? IP Filter options:direction      snoop direction
dst-ip         snoop filter dst ip
dst-port       snoop filter dst port
interface      interface name
ip-proto       snoop filter ip proto
port           src or dst port
src-ip         snoop filter src ip
src-port       snoop filter src port
<IPv4 Address> IPv4 Address
offset         ip offset
snoop filter ethernet ? Ethernet Filter options:arp            snoop arp packet
direction      snoop direction
interface      interface name
nsrp           snoop nsrp packet
vlan           snoop vlan packet
<number >      snoop specified ethernet type
except         snoop all but the specified ethernet type
offset         ethernet offset
snoop info Provides details about the snoop settings that have been configured.Snoop: OFF
Filters Defined: 0, Active Filters 0
Detail: OFF, Detail Display length: 96

Was this article helpful?

Yes No

Related Articles

Leave A Comment?

You must be logged in to post a comment.