• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 192
  • Last Modified:

Debug packet INT SRC MASK output confusion

By using the debug command how can I tell if traffic was passed or rejected from a specific IP or range.  For instance here is the output I recieved in my test.  I know that it was blocked but what in the output will confirm that for me?

--------- PACKET ---------

-- IP --
Source ==>     Dest

        ver = 0x4       hlen = 0x5      tos = 0x0       tlen = 0x30
        id = 0x6321     flags = 0x40    frag off=0x0
        ttl = 0x7e      proto=0x6       chksum = 0xb494

        -- TCP --
                source port = 0x7b0     dest port = 0x17syn

                seq = 0x166cf6da
                ack = 0x0
                hlen = 0x7              window = 0xffff
                checksum = 0x88ff       urg = 0x0
tcp options:
                        0x2     0x4     0x5     0xb4    0x1     0x1     0x4
0x2
--------- END OF PACKET ---------

--------- PACKET ---------

-- IP --
Source ==>     Dest

        ver = 0x4       hlen = 0x5      tos = 0x0       tlen = 0x30
        id = 0x6322     flags = 0x40    frag off=0x0
        ttl = 0x7e      proto=0x6       chksum = 0xb493

        -- TCP --
                source port = 0x7b0     dest port = 0x17syn

                seq = 0x166cf6da
                ack = 0x0
                hlen = 0x7              window = 0xffff
                checksum = 0x88ff       urg = 0x0
tcp options:
                        0x2     0x4     0x5     0xb4    0x1     0x1     0x4
0x2
--------- END OF PACKET ---------

--------- PACKET ---------

-- IP --
Source ==>     Dest

        ver = 0x4       hlen = 0x5      tos = 0x0       tlen = 0x30
        id = 0x6323     flags = 0x40    frag off=0x0
        ttl = 0x7e      proto=0x6       chksum = 0xb492

        -- TCP --
                source port = 0x7b0     dest port = 0x17syn

                seq = 0x166cf6da
                ack = 0x0
                hlen = 0x7              window = 0xffff
                checksum = 0x88ff       urg = 0x0
tcp options:
                        0x2     0x4     0x5     0xb4    0x1     0x1     0x4
0x2
--------- END OF PACKET ---------


Thanks,

Sunny
0
sunnyd24
Asked:
sunnyd24
1 Solution
 
Tim HolmanCommented:
It doesn't.  This is only a packet capture.  You could compare this to what you see blocked in the fw logs ?
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now