Firewall-1

Re: [FW-1] Network sniffer for IPSO

Subject: Re: [FW-1] Network sniffer for IPSO
From: Robby Cauwerts <robby.cauwerts AT GMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 31 Jul 2006 16:05:39 +0200

concerning the "len" output, indeed.
Apparently this is platform/version specific:

# uname -a
OpenBSD xxxxx xxxx GENERIC#50 i386
#
# tcpdump -V
tcpdump version 3.4.0
libpcap version 0.5
# tcpdump -nvi tun0
tcpdump: listening on tun0, link-type LOOP
15:48:40.477705 x.x.x.x.22 > x.x.x.X.11478: P
2090775734:2090775818(84) ack 4236657200 win 17424 (DF) [tos 0x10]
(ttl 64, id 48425, len 124)
15:48:40.479677 x.x.x.X.22 > x.x.X.x.11478: P [tcp sum ok] 84:136(52)
ack 1 win 17424 (DF) [tos 0x10] (ttl 64, id 41731, len 92)

[admin]# uname -a
IPSO xxxx 4.0-BUILD023 releng 1515  10.05.2005-011351 i386
# tcpdump -V
Version 3.3
[admin]# tcpdump -nvi eth1c0
tcpdump: listening on eth1c0
14:00:46.733476 O x.x.x.x > x.x.x.x: P 3352834297:3352834361(64) ack
1157326433 win 17376 <nop,nop,timestamp 197153 4168952645> [tos 0x10]
(ttl 64, id 61498)
14:00:46.733911 I x.x.x.x > x.x.x.x: . ack 64 win 16320
<nop,nop,timestamp 4168952645 197153> [tos 0x10] (ttl 64, id 38117)
14:00:47.730870 O x.x.x.x > x.x.x.x: P 64:288(224) ack 1 win 17376
<nop,nop,timestamp 197155 4168952645> [tos 0x10] (ttl 64, id 61499)

Kind Regards
Robby
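
The two outputs above differ in whether the IP total length ("len") is printed. The following is an added example, not part of the original message or of tcpdump: a small parser that reads the reported "len" when it is present and otherwise estimates it from the TCP payload size and the listed TCP options. The function names, the sample lines and the 20-byte IP header are assumptions of this example.

```python
import re

# Matches one TCP packet line of old-style `tcpdump -nv` text output.
# IPSO's tcpdump adds an I/O direction flag after the timestamp.
LINE = re.compile(r'^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?:(?P<dir>[IO])\s+)?'
                  r'(?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$')
PAYLOAD = re.compile(r'\b\d+:\d+\((\d+)\)')   # seq:seq(payload bytes)
IP_LEN = re.compile(r'\blen (\d+)\)')         # "(ttl 64, id 48425, len 124)"
OPTIONS = re.compile(r'<([^>]*)>')            # "<nop,nop,timestamp a b>"
# On-the-wire size of the fixed-length TCP options tcpdump prints by name.
OPT_SIZE = {'nop': 1, 'eol': 1, 'mss': 4, 'wscale': 3,
            'sackOK': 2, 'timestamp': 10}

def tcp_options_len(rest):
    """Bytes of TCP options, or None if an option of unknown size is listed."""
    m = OPTIONS.search(rest)
    total = 0
    for opt in (m.group(1).split(',') if m else []):
        name = (opt.split() or [''])[0]
        if name not in OPT_SIZE:
            return None
        total += OPT_SIZE[name]
    return total + (-total % 4)   # TCP header length is a multiple of 4 bytes

def packet_size(line):
    """Return (ip_len, how) for one TCP line, or None if it cannot be sized."""
    m = LINE.match(line.strip())
    if not m or ' win ' not in m.group('rest'):   # TCP lines always print "win"
        return None
    rest = m.group('rest')
    reported = IP_LEN.search(rest)
    if reported:
        return int(reported.group(1)), 'reported'
    p = PAYLOAD.search(rest)
    payload = int(p.group(1)) if p else 0   # a pure ACK prints no seq range
    opts = tcp_options_len(rest)
    if opts is None:
        return None
    # Assumption: 20-byte IP header (no IP options) + 20-byte base TCP header.
    return 20 + 20 + opts + payload, 'estimated'

# Constructed sample lines modelled on the two outputs in this thread
# (documentation addresses, each packet on a single line).
SAMPLE = [
    '15:48:40.477705 192.0.2.1.22 > 192.0.2.2.11478: P 2090775734:2090775818(84) ack 4236657200 win 17424 (DF) [tos 0x10] (ttl 64, id 48425, len 124)',
    '15:48:40.479677 192.0.2.1.22 > 192.0.2.2.11478: P [tcp sum ok] 84:136(52) ack 1 win 17424 (DF) [tos 0x10] (ttl 64, id 41731, len 92)',
    '14:00:46.733476 O 192.0.2.1.22 > 192.0.2.2.11478: P 3352834297:3352834361(64) ack 1157326433 win 17376 <nop,nop,timestamp 197153 4168952645> [tos 0x10] (ttl 64, id 61498)',
    '14:00:46.733911 I 192.0.2.2.11478 > 192.0.2.1.22: . ack 64 win 16320 <nop,nop,timestamp 4168952645 197153> [tos 0x10] (ttl 64, id 38117)',
    '14:00:47.730870 O 192.0.2.1.22 > 192.0.2.2.11478: P 64:288(224) ack 1 win 17376 <nop,nop,timestamp 197155 4168952645> [tos 0x10] (ttl 64, id 61499)',
]

if __name__ == '__main__':
    for sample_line in SAMPLE:
        print(packet_size(sample_line), sample_line[:40])
```

Sizes marked 'estimated' are IP-layer lengths only and exclude the link-layer header.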


On 7/31/06, Mark Williams <secwork AT onlinehome DOT de> wrote:
tcpdump -nvi gives me no "len" output. Don't know why, only ttl and ID.
tcpdump -s did help, thank you!

Also the fw monitor command was helpful, thanks to Andrej, too!

----- Original Message -----
From: "Robby Cauwerts" <robby.cauwerts AT GMAIL DOT COM>
To: <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
Sent: Friday, July 28, 2006 2:37 PM
Subject: Re: [FW-1] Network sniffer for IPSO


> Hi,
>
> use tcpdump -nvi
> then take a look at the "len" output.
> This is the packet size including the ip and tcp/udp header.
>
> to capture the whole packet use -s 1500
>
> Kind Regards
> Robby
>
>
> On 7/28/06, Mark Williams <secwork AT onlinehome DOT de> wrote:
>> I want to filter the traffic between two special hosts and see the size of
>> each packet, so the throughput report is not the right tool.
>>
>> ----- Original Message -----
>> From: "Ravikumar Manam" <Ravikumar.Manam AT TNS-GLOBAL DOT COM>
>> To: <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>> Sent: Friday, July 28, 2006 1:20 PM
>> Subject: Re: [FW-1] Network sniffer for IPSO
>>
>>
>> > If you are a Nokia user you can find Voyager -> Monitoring ->
>> > Interface throughput report
>> >
>> > Regards
>> > Ravi
>> >
>> > -----Original Message-----
>> > From: Mailing list for discussion of Firewall-1
>> > [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Mark Williams
>> > Sent: Friday, July 28, 2006 4:33 PM
>> > To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>> > Subject: [FW-1] Network sniffer for IPSO
>> >
>> > Hi all,
>> > does anyone know a possibility to sniff the network traffic on the external
>> > interface on a FW-1 R55p HFA 08 to see the packet size in Bytes/Bits? I tried
>> > tcpdump -vvv, but it hasn't shown me the packet size. I'm a tcpdump beginner,
>> > maybe there is an option for packet size, but I didn't find it in the manual.
>> >
>> > Or is there a version of Ethereal/Wireshark for IPSO 3.8?
>> >
>> > I've no fwmonitor!
>> >
>> > Please help
>> >
>> > Cheers
>> >
>> > Mark
>> >
>> > =================================================
>> > To set vacation, Out-Of-Office, or away messages,
>> > send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>> > in the BODY of the email add:
>> > set fw-1-mailinglist nomail
>> > =================================================
>> > To unsubscribe from this mailing list,
>> > please see the instructions at
>> > http://www.checkpoint.com/services/mailing.html
>> > =================================================
>> > If you have any questions on how to change your
>> > subscription options, email
>> > fw-1-owner AT ts.checkpoint DOT com
>> > =================================================