Firewall Wizards mailing list archives
Re: tcpdump installation on unix firewall?
From: Lance Spitzner <lance () stan ksni net>
Date: Tue, 31 Aug 1999 09:16:35 -0500 (CDT)
On Fri, 27 Aug 1999, Robert Graham wrote:
> Does it interfere with the FW-1 software?
>
> Probably not. However, it can slow down the system. A better solution would be to set up a separate system logging the packets "promiscuously", monitoring the same wire as the firewall, but not actually installed on the firewall.

First, I am a big fan of using sniffers on the actual firewall for troubleshooting purposes. I personally believe the benefits for troubleshooting far outweigh the risks. With FW-1, sniffers capture the packets BEFORE the FW-1 filter inspects the packets, regardless of whether it drops/rejects/accepts, etc. This way you can compare what packets are actually going through the box to what the FW sees in its logs. This has proven invaluable to me in numerous troubleshooting scenarios.

Lance Spitzner
http://www.enteract.com/~lspitz/papers.html
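
The capture-versus-log comparison described in the message above, as an added example that is not part of the original post. The capture lines are constructed `tcpdump -n` text output, and the firewall log is a constructed, simplified `action;src;sport;dst;dport` export (an assumption, not FW-1's own log format).

```python
import re
from collections import namedtuple

Flow = namedtuple("Flow", "src sport dst dport")

# tcpdump -n text line: "<time> [IP] a.b.c.d.sport > e.f.g.h.dport: ..."
TCPDUMP_RE = re.compile(
    r"^\S+\s+(?:IP\s+)?(\d+(?:\.\d+){3})\.(\d+)\s+>\s+(\d+(?:\.\d+){3})\.(\d+):")

def flows_from_tcpdump(lines):
    """Return the set of flows seen on the wire; non-IP lines (e.g. ARP) are skipped."""
    flows = set()
    for line in lines:
        m = TCPDUMP_RE.match(line)
        if m:
            flows.add(Flow(m.group(1), int(m.group(2)), m.group(3), int(m.group(4))))
    return flows

def actions_from_fwlog(lines):
    """Map each logged flow to the actions recorded for it (hypothetical export format)."""
    actions = {}
    for line in lines:
        parts = line.strip().split(";")
        if len(parts) != 5 or not (parts[2].isdigit() and parts[4].isdigit()):
            continue  # header or malformed record
        action, src, sport, dst, dport = parts
        actions.setdefault(Flow(src, int(sport), dst, int(dport)), set()).add(action)
    return actions

def compare(capture_lines, log_lines):
    """For every flow captured before filtering, list what the firewall logged."""
    logged = actions_from_fwlog(log_lines)
    return {flow: sorted(logged.get(flow, {"not logged"}))
            for flow in sorted(flows_from_tcpdump(capture_lines))}

# Constructed sample data.
CAPTURE = [
    "09:16:35.100000 IP 10.0.0.5.1025 > 192.168.1.10.80: Flags [S], seq 1, win 8192",
    "09:16:35.200000 10.0.0.7.1030 > 192.168.1.10.23: S 5:5(0) win 8192",
    "09:16:35.300000 arp who-has 10.0.0.1 tell 10.0.0.5",
    "09:16:35.400000 IP 10.0.0.9.1040 > 192.168.1.10.25: Flags [S], seq 9, win 8192",
]
FWLOG = [
    "action;src;sport;dst;dport",
    "accept;10.0.0.5;1025;192.168.1.10;80",
    "drop;10.0.0.7;1030;192.168.1.10;23",
]

if __name__ == "__main__":
    for flow, acts in compare(CAPTURE, FWLOG).items():
        print(f"{flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}  {', '.join(acts)}")
```

A flow reported as "not logged" reached the interface but has no matching log record, which is the discrepancy worth investigating first.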