Firewall Wizards: Re: tcpdump on my firewall

[hermit1 <hermits () mac com>]

I found tcpdump on the firewall to be quite useful.  I used it to prove 
(mainly to myself) that FW-1 smtp server was refusing/dropping connections 
without logging them, contrary to the policy.  Apparently it can't handle 
reverse path mail addresses so it pretends they didn't even happen.
On the other hand, I never really trust that FW-1 doesn't alter the packets 
before tcpdump sees them, so I set up a sniffer port on the adjacent 
switch, too.
hermit1

At 12:12 PM 10/26/01 -0400, Greg Poirier wrote:
> Just curious.. But why wouldn't you want to put tcpdump on your
> firewall?  This could actually come in handy when diagnosing network
> issues that involve your firewall.
>
> If anything.. I could more than likely find literature supporting the
> installation of tcpdump on a firewall.
>
>
> On Thu, Oct 25, 2001 at 02:51:36PM -0400, hesselsp () ashaman dhs org wrote:
> > Anyone want to help me out here?
> >
> > I have had a request to put tcpdump on our firewall by one of our tech 
> guys.
> >
> > I have told him that I will not do so, and he wants a good reason why.
> >
> > Does anyone have a ezine article or some other reference as to why I
> > shouldn't put it on?
> >
> > Paul
> >
> > _______________________________________________
> > firewall-wizards mailing list
> > firewall-wizards () nfr com
> > http://list.nfr.com/mailman/listinfo/firewall-wizards
>
> --
> Greg Poirier                       System Administrator
> EarthLink, Inc.              Multi-Function Engineering
> (404) 748-7106                              Atlanta, GA
> _______________________________________________
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards