At 09:16 AM 8/31/99 -0500, Lance Spitzner wrote:
>On Fri, 27 Aug 1999, Robert Graham wrote:
>
>First, I am a big fan of using sniffers on the actual firewall for
>troubleshooting purposes. I personally believe the benefits for
>troubleshooting far outweigh the risks.
>
>With FW-1, sniffers capture the packets BEFORE the FW-1 filter inspects the
>packets, regardless if it drops/rejects/accepts, etc. This way you can compare
>what packets are actually going through the box to what the FW sees in its
>logs. This has proven invaluable to me in numerous troubleshooting scenarios.
Just as important, the sniffer sees the packet dropped on the wire *after*
fwd is done with it. This helps to identify misrouted packets, packets
dropped that aren't logged, etc. "snoop -d <interface>" (running in its
own xwindow titled <interface>) is of invaluable help in setting up the
firewall for the first time.
--woody
>
>Lance Spitzner
>http://www.enteract.com/~lspitz/papers.html
>
Received on Sep 07 1999
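
The comparison described in this thread, as an added example that is not part of the original messages: packets captured arriving (before the filter) are matched against packets captured leaving each interface and against the firewall log, which surfaces drops that were never logged and packets that left on the wrong interface. The record layout, interface names (`dmz0`, `int0`), addresses and route table are constructed for illustration and are not real snoop or FW-1 log formats.

```python
from collections import namedtuple

# Constructed, simplified records; NOT real snoop or FW-1 log formats.
Pkt = namedtuple("Pkt", "src dst dport ipid")

def classify(inbound, outbound, fw_log, routes):
    """Label each packet seen arriving (before the filter).

    inbound  : list of Pkt captured on the ingress interface
    outbound : {interface: set of Pkt captured leaving on it}
    fw_log   : {Pkt: "accept" | "drop"} as logged by the firewall
    routes   : {dst: interface the packet should leave on}
    """
    result = {}
    for p in inbound:
        left_on = [i for i, seen in outbound.items() if p in seen]
        action = fw_log.get(p)  # None means nothing was logged
        if left_on:
            ok = left_on[0] == routes.get(p.dst)
            result[p] = "forwarded" if ok else "misrouted via " + left_on[0]
        elif action == "drop":
            result[p] = "dropped, logged"
        elif action == "accept":
            result[p] = "accepted in log but never left the box"
        else:
            result[p] = "dropped, not logged"
    return result

def sample():
    """Run classify() on constructed captures; results keyed by IP ID."""
    a = Pkt("192.0.2.10", "10.1.1.5", 80, 101)
    b = Pkt("192.0.2.10", "10.1.1.5", 23, 102)
    c = Pkt("192.0.2.11", "10.1.1.5", 161, 103)
    d = Pkt("192.0.2.12", "10.2.2.9", 25, 104)
    e = Pkt("192.0.2.13", "10.2.2.9", 53, 105)
    inbound = [a, b, c, d, e]
    outbound = {"dmz0": {a, d}, "int0": set()}
    fw_log = {a: "accept", b: "drop", d: "accept", e: "accept"}
    routes = {"10.1.1.5": "dmz0", "10.2.2.9": "int0"}
    verdicts = classify(inbound, outbound, fw_log, routes)
    return {p.ipid: v for p, v in verdicts.items()}

if __name__ == "__main__":
    for ipid, verdict in sorted(sample().items()):
        print(ipid, verdict)
```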