Juniper firewall debug
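Juniper firewalls generally run very stably, but occasionally you run into behaviour that cannot be explained under normal circumstances. When that happens, enable the
debug function to capture packets and analyse the cause of packet loss or other problems.
Firewall debug steps (11 steps in total)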
0. set console dbuf – redirect the debug message output from
console to buffer.
1. undebug all - this ensures that the debug utility is not already
running.
2. get ffilter - we would expect to get no response. This tells us we
have not set up any flow filters as of yet. If you should see filters
listed you can delete them with unset ffilter.
3. set ffilter src-ip x.x.x.x(computer A) dst-ip x.x.x.x(computer B)
4. set ffilter src-ip x.x.x.x(computer B) dst-ip x.x.x.x(computer A) - by
doing this we can observe the packets flowing in each direction and
see where any problems may be. Basically we want to define the
end points of communication.
5. clear db - this will clear the debugging cache.
6. debug flow basic - this turns the debugging utility on.
7. initiate the traffic you are interested in capturing.
8. get db stream - this is the actual packet capture output that we
want.
9. undebug all - turns the utility back off.
10. unset ffilter 0 - this will need to be done twice, once for each filter
that we set up earlier.
11. clear db - this will clear the cache.
Commands similar to those executed:
set console dbuf
undebug all
get ffilter
set ffilter src-ip 1.1.1.1 dst-ip 2.2.2.2
set ffilter src-ip 2.2.2.2 dst-ip 1.1.1.1
clear db
debug flow basic
get db stream
undebug all
unset ffilter 0
unset ffilter 0
clear db