Traffic capture

  diag sniffer packet port1 'host 10.84.162.9' 4 2

Verbose levels in detail:
  1: print header of packets
  2: print header and IP data of packets
  3: print header and Ethernet data of packets
  4: print header of packets with interface name
  5: print header and IP data of packets with interface name
  6: print header and Ethernet data of packets with interface name

Syntax:
  diag sniffer packet <interface> <'filter'> <verbose> <count>

  Interface  the interface on which traffic is captured (any captures on all interfaces)
  Filter     filter for the trace to capture, in tcpdump/BPF syntax and enclosed in quotes; none for no filter
  Verbose    level of detail as described above
  Count      number of packets to capture; the sniffer stops after that many packets, or when Ctrl-C is pressed if no count is given

Use verbose 3 or 6 when the capture is going to be converted to pcap for Wireshark: only those levels dump the complete frame starting at the Ethernet header. Levels 1 and 4 print headers only, and levels 2 and 5 dump the IP packet without its Ethernet header.
Examples

  # diag sniffer packet internal none 4 3

Verbose 4 prints one header line per packet, prefixed with the interface and direction (internal in / internal out). The capture shows three TCP segments between 192.168.0.1 and 192.168.0.130 with their flags (psh, ack), sequence and acknowledgement numbers. (The packet lines themselves are unreadable in the source and are not reproduced.)

  # diag sniffer packet internal none 5 1

Verbose 5 prints the same header line (internal in, a psh/ack segment from 192.168.0.1 to 192.168.0.130) followed by the IP data of the packet as a hex dump: one line per 16 bytes, each starting with the offset (0x0000, 0x0010, ...), then eight 16-bit hex words and the ASCII rendering of those bytes. (The hex dump is unreadable in the source and is not reproduced.)
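The hex dumps printed at verbose 3, 5 and 6 are what an analyst wants to load into Wireshark. The following Python script is an added example, not code from the original page or from Fortinet: it parses the header-plus-hex-dump format (one header line per packet, then tab-separated 0x0000/0x0010/... lines) into raw frames and writes a standard pcap file. The capture in SAMPLE is constructed for the example (an ICMP echo request and a TCP SYN at verbose 3). The offset check rejects dumps whose lines do not line up, which is exactly what a garbled copy-paste of sniffer output looks like; use linktype 101 (raw IP) for a verbose 2/5 dump, which starts at the IP header instead of the Ethernet header.

```python
"""Convert FortiOS 'diag sniffer packet ... 3|6 ...' output to a pcap file.

Added example (not from the page or from Fortinet). Assumes the FortiOS dump
layout: a header line per packet followed by lines of the form
'0x0010<TAB> 0028 0002 ...<TAB>ascii'. SAMPLE below is constructed.
"""
import re
import struct
from dataclasses import dataclass, field

# Header line: optional timestamp, optional "<iface> in|out", then "src > dst" or "src -> dst".
HEADER = re.compile(r"^\s*(?:(\d+\.\d+)\s+)?(?:\S+\s+(?:in|out)\s+)?\S+\s+-?>\s+\S+")
# Hex dump line: offset, then hex words (the ASCII column follows a tab).
DUMP = re.compile(r"^0x([0-9a-fA-F]{4})\s+(.*)$")
HEXWORD = re.compile(r"[0-9a-fA-F]{2}(?:[0-9a-fA-F]{2})?")  # 16-bit word, or a lone trailing byte


@dataclass
class Packet:
    ts: float          # seconds; packet index when the capture carries no timestamp
    summary: str       # the sniffer's own header line
    data: bytearray = field(default_factory=bytearray)


def parse_sniffer(text):
    """Return the packets found in sniffer output, in order."""
    packets, cur = [], None
    for line in text.splitlines():
        m = DUMP.match(line)
        if m:
            if cur is None:
                continue                      # dump line without a header: skip it
            # FortiOS separates hex words from the ASCII column with a tab; without
            # the tab, take only the leading hex-looking words.
            hexpart = line.split("\t")[1] if "\t" in line else m.group(2)
            words = []
            for w in hexpart.split():
                if not HEXWORD.fullmatch(w):
                    break
                words.append(w)
            if int(m.group(1), 16) != len(cur.data):
                raise ValueError("offset %s does not follow the previous line" % m.group(1))
            cur.data += bytes.fromhex("".join(words))
            continue
        h = HEADER.match(line)
        if h:
            ts = float(h.group(1)) if h.group(1) else float(len(packets))
            cur = Packet(ts, line.strip())
            packets.append(cur)
    return packets


def to_pcap(packets, linktype=1, snaplen=65535):
    """Serialize packets as a little-endian pcap; linktype 1 = Ethernet, 101 = raw IP."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype))
    for p in packets:
        sec = int(p.ts)
        usec = int(round((p.ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(p.data), len(p.data)) + p.data
    return bytes(out)


# Constructed sample: verbose-3 output for an ICMP echo request and a TCP SYN.
SAMPLE = "\n".join([
    "interfaces=[internal]",
    "filters=[none]",
    "192.168.0.130 -> 192.168.0.1: icmp: echo request",
    "0x0000\t 0009 0f09 0001 0009 0f89 10ea 0800 4500\t..............E.",
    "0x0010\t 0022 0001 0000 4001 0000 c0a8 0082 c0a8\t................",
    "0x0020\t 0001 0800 0000 0001 0001 6162 6364 6566\t..........abcdef",
    "192.168.0.130.3547 -> 192.168.0.1.23: syn 1545311293",
    "0x0000\t 0009 0f09 0001 0009 0f89 10ea 0800 4500\t..............E.",
    "0x0010\t 0028 0002 4000 4006 0000 c0a8 0082 c0a8\t................",
    "0x0020\t 0001 0ddb 0017 5c1b 943d 0000 0000 5002\t..............P.",
    "0x0030\t 2000 0000 0000\t ......",
])

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    pkts = parse_sniffer(text)
    with open(sys.argv[2] if len(sys.argv) > 2 else "fortigate.pcap", "wb") as f:
        f.write(to_pcap(pkts))
    for p in pkts:
        print("%3d bytes  %s" % (len(p.data), p.summary))
```

Run it as `python3 fgt2pcap.py capture.txt out.pcap` on text saved from the console session (the script name is an assumption); without arguments it converts the embedded sample. Fortinet ships its own converter (fgt2eth.pl) for the same job; this one exists to show what the format contains.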
  # diag sniffer packet internal 'src host 192.168.0.130 and dst host 192.168.0.1' 1

Verbose 1 prints only the header line of each packet: here the TCP session between 192.168.0.130 and 192.168.0.1.80 (syn, syn ack, psh ack, ack, with sequence and acknowledgement numbers), DNS traffic to 192.168.0.1.53 (udp) and ICMP echo requests from 192.168.0.130 to 192.168.0.1. (The packet lines are unreadable in the source and are not reproduced.)

  # diag sniffer packet internal 'src host 192.168.0.130 and dst host 192.168.0.1 and tcp' 1

Adding "and tcp" leaves only the TCP handshake: syn, syn ack, ack.

  # diag sniffer packet internal 'host 192.168.0.130 and icmp' 1

Only ICMP: an echo request from 192.168.0.130 to 192.168.0.1 and the echo reply back.

  # diag sniffer packet internal 'host 192.168.0.130 or 192.168.0.1 and tcp port 80' 1

Shows the HTTP session on port 80: syn, syn ack, psh ack, ack. Note that in BPF syntax "and" binds tighter than "or", so this filter means host 192.168.0.130 or (host 192.168.0.1 and tcp port 80); everything to or from 192.168.0.130 is captured, not only port 80. Use parentheses when both hosts should be restricted to port 80: '(host 192.168.0.130 or host 192.168.0.1) and tcp port 80'.
Filtering can also be done on packet content, using a hexadecimal byte position (offset:length) in the frame:

Match TTL = 1:
  # diagnose sniffer packet port1 'ip[8:1] = 0x01'
Match Source IP address = 192.168.1.2:
  # diagnose sniffer packet internal '(ether[26:4]=0xc0a80102)'
Match Source MAC = 0:09:0f:89:10:ea:
  # diagnose sniffer packet internal '(ether[6:4]=0x00090f89) and (ether[10:2]=0x10ea)'
Match Destination MAC = 0:09:0f:89:10:ea:
  # diagnose sniffer packet internal '(ether[0:4]=0x00090f89) and (ether[4:2]=0x10ea)'
Match ARP packets only:
  # diagnose sniffer packet internal 'ether proto 0x0806'

The ether[...] offsets count from the start of the Ethernet frame and assume an untagged Ethernet II frame carrying IPv4: destination MAC at bytes 0-5, source MAC at 6-11, EtherType at 12-13, then the IPv4 header, whose source address sits 12 bytes in (frame offset 26) and destination address 16 bytes in (frame offset 30). A VLAN-tagged frame shifts everything after the source MAC by 4 bytes. ip[...] and tcp[...] offsets are relative to the IP and TCP headers respectively, so they do not depend on the link-layer encapsulation.

TCP flags can be matched through byte 13 of the TCP header (FIN=1, SYN=2, RST=4, PSH=8, ACK=16):

Match packets with RST flag set:
  # diagnose sniffer packet internal 'tcp[13] & 4 != 0'
Match packets with SYN flag set:
  # diagnose sniffer packet internal 'tcp[13] & 2 != 0'
Match packets with SYN-ACK flag set:
  # diagnose sniffer packet internal 'tcp[13] = 18'
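To see why the byte offsets above are what they are, and to check a filter before typing it on a production firewall, here is an added Python example (not from the page or from Fortinet). It builds the same expressions from an IP or MAC address and evaluates them locally against a constructed Ethernet/IPv4/TCP frame, using a small evaluator for the three forms shown above: ether[offset:length]=0x..., tcp[13] & mask != 0 and tcp[13] = n. The MAC 0:09:0f:89:10:ea and the addresses are the ones from the page; the frame is constructed, untagged (no 802.1Q), and the evaluator does not handle VLAN tags or IPv6.

```python
"""Build and locally evaluate FortiOS sniffer byte-offset filters.

Added example (not from the page or from Fortinet). Assumes untagged
Ethernet II frames carrying IPv4; tcp[...] terms skip the IPv4 header
(including options) using the IHL field, as BPF does.
"""
import re
import struct

ETH_HDR = 14                   # Ethernet II header: dst MAC 0-5, src MAC 6-11, EtherType 12-13
IPV4_SRC_OFF = ETH_HDR + 12    # 26: source address is 12 bytes into the IPv4 header
IPV4_DST_OFF = ETH_HDR + 16    # 30: destination address is 16 bytes in
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 1, 2, 4, 8, 16


def _ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def _mac_bytes(mac):
    return bytes(int(o, 16) for o in mac.split(":"))   # accepts "0:09:0f:..." and "00:09:0f:..."


def src_ip_filter(ip):
    return "(ether[%d:4]=0x%s)" % (IPV4_SRC_OFF, _ip_bytes(ip).hex())


def dst_ip_filter(ip):
    return "(ether[%d:4]=0x%s)" % (IPV4_DST_OFF, _ip_bytes(ip).hex())


def src_mac_filter(mac):
    b = _mac_bytes(mac)    # bytes 6..11, split 4+2 because ether[] reads at most 4 bytes
    return "(ether[6:4]=0x%s) and (ether[10:2]=0x%s)" % (b[:4].hex(), b[4:].hex())


def dst_mac_filter(mac):
    b = _mac_bytes(mac)    # bytes 0..5
    return "(ether[0:4]=0x%s) and (ether[4:2]=0x%s)" % (b[:4].hex(), b[4:].hex())


def tcp_flag_filter(mask):
    """Match if any flag in mask is set, e.g. tcp_flag_filter(TCP_SYN) -> 'tcp[13] & 2 != 0'."""
    return "tcp[13] & %d != 0" % mask


TERM = re.compile(
    r"\(?(ether|tcp)\[(\d+)(?::(\d+))?\]\s*(?:&\s*(\d+)\s*)?(!=|=)\s*(0x[0-9a-fA-F]+|\d+)\)?")


def _is_ipv4_tcp(frame):
    return frame[12:14] == b"\x08\x00" and frame[ETH_HDR + 9] == 6


def matches(expr, frame):
    """Evaluate terms joined by 'and' against a raw frame (bytes)."""
    for term in re.split(r"\s+and\s+", expr.strip()):
        m = TERM.fullmatch(term.strip())
        if not m:
            raise ValueError("unsupported term: %r" % term)
        proto, off, ln, mask, op, val = m.groups()
        off, ln = int(off), int(ln or 1)
        if proto == "ether":
            base = 0
        else:
            if not _is_ipv4_tcp(frame):
                return False                      # tcp[] only applies to IPv4/TCP frames
            base = ETH_HDR + (frame[ETH_HDR] & 0x0F) * 4
        fld = frame[base + off: base + off + ln]
        if len(fld) != ln:
            return False                          # frame too short for this field
        v = int.from_bytes(fld, "big")
        if mask:
            v &= int(mask)
        want = int(val, 16) if val.lower().startswith("0x") else int(val)
        if (v == want) != (op == "="):
            return False
    return True


def tcp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero; enough for offset tests)."""
    eth = _mac_bytes(dst_mac) + _mac_bytes(src_mac) + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     _ip_bytes(src_ip), _ip_bytes(dst_ip))
    return eth + ip + tcp


if __name__ == "__main__":
    f = tcp_frame("0:09:0f:89:10:ea", "00:11:22:33:44:55", "192.168.1.2",
                  "192.168.0.130", 80, 3547, TCP_SYN | TCP_ACK)
    for expr in (src_ip_filter("192.168.1.2"), src_mac_filter("0:09:0f:89:10:ea"),
                 "tcp[13] = 18", tcp_flag_filter(TCP_RST)):
        print("%-52s %s" % (expr, matches(expr, f)))
```

The builders reproduce the page's expressions exactly (src_ip_filter("192.168.1.2") gives (ether[26:4]=0xc0a80102)); the evaluator lets you confirm on a sample frame, for instance one exported from the capture, that a filter selects what you intend before running it with a large count on a busy interface.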
Technical documentation link: http://docs.fortinet.com
• Show interface parameters:
  diagnose hardware deviceinfo nic port1
• Show the appliance's general configuration and module status:
  get sys status

  myfirewall1 # get sys status
  Version: Fortigate-50B v4.0,build0535,120511 (MR3 Patch ...)
  Virus-DB: 14.00000(2011-07-24 ...)
  Extended DB: 14.00000(2011-07-24 ...)
  IPS-DB: 3.00150(2012-02-15 23:15)
  FortiClient application signature package: 1.528(2012-10-08 ...)
  Serial-Number: FGT50B1234567890
  BIOS version: 04000010
  Current virtual domain: root
  Max number of virtual domains: 10
  Virtual domains status: 1 in NAT mode, 0 in TP mode
  Virtual domain configuration: disable
  FIPS-CC mode: disable
  Current HA mode: standalone
  Distribution: International
  Branch point: 234
  Release Version Information: MR3 Patch ...
  System time: Thu Nov 15 13:12:30 2012

(The patch number and the signature-database timestamps are unreadable in the source and are shown as "...".)
• Show traffic statistics so far:
  get system performance firewall statistics

  myfirewall1 # get system performance firewall statistics
  getting traffic statistics...
  Browsing: 544073 packets, 7068842 bytes
  DNS: 18333 packets, 2400731 bytes
  E-Mail: 52 packets, 3132 bytes
  FTP: 0 packets, 0 bytes
  Gaming: 0 packets, 0 bytes
  IM: 0 packets, 0 bytes
  Newsgroups: 0 packets, 0 bytes
  P2P: 0 packets, 0 bytes
  Streaming: 0 packets, 0 bytes
  TFTP: 0 packets, 0 bytes
  VoIP: 0 packets, 0 bytes
  Generic TCP: 13460 packets, 130178 bytes
  Generic UDP: 9056 packets, 64156 bytes
  Generic ICMP: 12 packets, 11704 bytes
  Generic IP: 26 packets, 732 bytes
• Show CPU status and uptime:
  get system performance status

  myfirewall1 # get system performance status
  CPU states: 0% user 0% system 0% nice 100% idle
  CPU0 states: 0% user 0% system 0% nice 100% idle
  Memory states: 47% used
  Average network usage: 1 kbps in 1 minute, 0 kbps in 10 minutes, 0 kbps in 30 minutes
  Average sessions: 0 sessions in 1 minute, 0 sessions in 10 minutes, 0 sessions in 30 minutes
  Average session setup rate: 0 sessions per second in last 1 minute, 0 sessions per second in last 10 minutes, 0 sessions per second in last 30 minutes
  Virus caught: 0 total in 1 minute
  IPS attacks blocked: 0 total in 1 minute
  Uptime: 24 days, 11 hours, 25 minutes
• Show CPU usage sorted by the heaviest processes:
  get system performance top

  myfirewall1 # get system performance top
  Run Time: 24 days, 11 hours and 26 minutes
  0U, 0S, 100I; 248T, 118F, 60KF
  (columns: process name, PID, state, CPU %, memory %)
            init        1   S     0.0   4.5
         cmdbsvr       23   S     0.0   6.7
  zebos_launcher       29   S     0.0   4.9
         uploadd       27   S     0.0   4.6
         miglogd       28   S     0.0   5.8
         miglogd       30   S     0.0   4.6
          httpsd       31   S     0.0   9.0
             nsm       32   S     0.0   1.1
            ripd       33   S     0.0   0.8
          ripngd       34   S     0.0   0.8
           ospfd       35   S     0.0   0.8
          proxyd       36   S     0.0   4.6
       wad_diskd       39   S     0.0   4.6
       scanunitd       37   S <   0.0   4.8
          ospf6d       38   S     0.0   0.8
            bgpd       40   S     0.0   1.0
           isisd       41   S     0.0   0.8
   proxyacceptor       42   S     0.0   0.9
     proxyworker       43   S     0.0   1.7
           getty       44   S <   0.0   4.6

With everything idle the order is not meaningful; under load the list is sorted by CPU, which is what you want when a device is slow (look for ipsengine, scanunitd, wad or the proxy daemons at the top). Press q to leave the top view.
• Show High Availability status:
  get sys ha status

  myfirewall1 # get sys ha status
  Model: 311
  Mode: a-p
  Group: 0
  Debug: 0
  ses_pickup: enable
  Master:254 myfirewall1 FG311B1111111111 0
  Slave :127 myfirewall2 FG311B1111111112 1
  number of vcluster: 1
  vcluster 1: work 10.0.0.1
  Master FG311B1111111111
  Slave :1 FG311B1111111112

Mode a-p is active-passive; ses_pickup: enable means established sessions are synchronised to the slave so a failover does not drop them. Both members should appear here; a missing peer or a changing master is the first thing to check when HA misbehaves.
• Check the firewall session table:
  diag sys session full-stat

  myfirewall1 # diag sys session full-stat
  session table:  table_size=65536  max_depth=1  used=2
  expect session table:  table_size=1024  max_depth=0  used=0
  misc info:  session_count=1  setup_rate=0  exp_count=0  clash=0
    memory_tension_drop=0  ephemeral=0/16367  removeable=0  ha_scan=0
    delete=0,  flush=0,  dev_down=0/0
  TCP sessions:
    1 in ESTABLISHED state
  firewall error stat:
    error1=00000000
    error2=00000000
    error3=00000000
    error4=00000000
    tt=00000000
    cont=00000000
    ids_recv=00000000
    url_recv=00000000
    av_recv=00000000
    fqdn_count=00000000
  tcp reset stat:
    syncqf=0  acceptqf=0  no-listener=11025  data=0  ses=0  ips=0

Compare session_count and used against table_size to see how close the device is to exhausting its session table; memory_tension_drop greater than zero means sessions were already dropped for lack of memory. To inspect individual sessions use diag sys session filter ... followed by diag sys session list.