Hi grimkin,
I haven't had a chance to try this stuff yet, but I'll get to it as soon as possible. One thing I noticed on the log viewer is that if I look at the predefined SmartDefense logs, there is no mention of these dropped calls. Can I therefore say that SmartDefense is not the culprit and we're talking about straight old-fashioned stateful inspection?
Thanks
by: grimkin, posted on 2007-09-17 at 02:00:25, ID: 19903600
Hi,
If you can disable SD for a short time to test then that would be ideal :)
Otherwise you can:
1 run "fw ctl chain" to get the in and outbound chains
2 set up a "fw monitor" to capture all comms on port 587 with the "-p all" switch
3 debug in Wireshark to see at which stage in the chain the packet is being dropped (see below). If you see your packet constantly reaching only a certain step in the chain then the likelihood is that the one after it will be the culprit.
Set up Wireshark to interpret FW-1 captures:
1 Edit -> Preferences -> Protocols -> FW-1 -> tick all the boxes
2 Edit -> Preferences -> Protocols -> Ethernet -> Tick the box for "Attempt to interpret as FW-1 monitor file"
Let me know if you need more info on this,
Cheers
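
The chain-position reasoning in the reply above can also be applied to fw monitor's text output without Wireshark. The following is an added example, not part of the original thread: the line layout matched by the regex, the chain module lists and the sample capture are all constructed assumptions, so substitute your own "fw ctl chain" and "fw monitor -p all" output.

```python
import re

# Assumed layout of a "fw monitor -p all" text line (adjust for your version):
#   eth0:i1 (fw VM inbound)[60]: 10.1.1.5 -> 192.0.2.25 (TCP) len=60 id=4711
LINE = re.compile(
    r"^\S+:(?P<dir>[io])(?P<pos>\d+) \((?P<module>.+)\)\[\d+\]: "
    r".* id=(?P<id>\d+)$"
)

# Constructed chains; take the real order from your own "fw ctl chain" output.
CHAINS = {
    "i": ["IP Options Strip (in)", "fw VM inbound", "TCP streaming (in)"],
    "o": ["fw VM outbound", "IP Options Restore (out)"],
}

# Constructed sample: packet 4711 stops in the inbound chain, 4712 passes.
SAMPLE = """\
eth0:i0 (IP Options Strip (in))[60]: 10.1.1.5 -> 192.0.2.25 (TCP) len=60 id=4711
TCP: 40112 -> 587 .S.... seq=1a2b3c4d ack=00000000
eth0:i1 (fw VM inbound)[60]: 10.1.1.5 -> 192.0.2.25 (TCP) len=60 id=4711
eth0:i0 (IP Options Strip (in))[60]: 10.1.1.6 -> 192.0.2.25 (TCP) len=60 id=4712
eth0:i1 (fw VM inbound)[60]: 10.1.1.6 -> 192.0.2.25 (TCP) len=60 id=4712
eth0:i2 (TCP streaming (in))[60]: 10.1.1.6 -> 192.0.2.25 (TCP) len=60 id=4712
eth1:o0 (fw VM outbound)[60]: 10.1.1.6 -> 192.0.2.25 (TCP) len=60 id=4712
eth1:o1 (IP Options Restore (out))[60]: 10.1.1.6 -> 192.0.2.25 (TCP) len=60 id=4712
"""

def last_stage_reached(capture_text, chains):
    """Map IP id -> (last module the packet reached, next module or None)."""
    deepest = {}
    for line in capture_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # protocol detail lines such as "TCP: ..." are skipped
        key = (m["dir"], int(m["pos"]), m["module"])
        # "o" sorts after "i", so an outbound sighting outranks any inbound one
        if key > deepest.get(m["id"], ("", -1, "")):
            deepest[m["id"]] = key
    report = {}
    for pkt, (direction, pos, module) in deepest.items():
        chain = chains[direction]
        # The module after the last sighting is the first one to examine
        nxt = chain[pos + 1] if pos + 1 < len(chain) else None
        report[pkt] = (module, nxt)
    return report

if __name__ == "__main__":
    for pkt, (last, suspect) in last_stage_reached(SAMPLE, CHAINS).items():
        print(f"id={pkt}: last seen at '{last}', check next: {suspect}")
```

A result of None for the next module means the packet was seen at the end of that chain, so the drop is not happening in the modules listed for it.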