I found tcpdump on the firewall to be quite useful. I used it to prove
(mainly to myself) that FW-1 smtp server was refusing/dropping connections
without logging them, contrary to the policy. Apparently it can't handle
reverse path mail addresses so it pretends they didn't even happen.
On the other hand, I never really trust that FW-1 doesn't alter the packets
before tcpdump sees them, so I set up a sniffer port on the adjacent
switch, too.
hermit1
At 12:12 PM 10/26/01 -0400, Greg Poirier wrote:
>Just curious.. But why wouldn't you want to put tcpdump on your
>firewall? This could actually come in handy when diagnosing network
>issues that involve your firewall.
>
>If anything.. I could more than likely find literature supporting the
>installation of tcpdump on a firewall.
>
>
>On Thu, Oct 25, 2001 at 02:51:36PM -0400, hesselsp_at_ashaman.dhs.org wrote:
> > Anyone want to help me out here?
> >
> > I have had a request to put tcpdump on our firewall by one of our tech guys.
> >
> > I have told him that I will not do so, and he wants a good reason why.
> >
> > Does anyone have an ezine article or some other reference as to why I
> > shouldn't put it on?
> >
> > Paul
> >
> > _______________________________________________
> > firewall-wizards mailing list
> > firewall-wizards_at_nfr.com
> > http://list.nfr.com/mailman/listinfo/firewall-wizards
>
>--
>Greg Poirier System Administrator
>EarthLink, Inc. Multi-Function Engineering
>(404) 748-7106 Atlanta, GA
Received on Oct 27 2001