Comandos Fortinet

Captura de trafico
diag sniffer packet port1 'host 10.84.162.9' 4 2

Niveles detallados en detalle:
1: encabezado de impresin de los paquetes
2: encabezado de impresin y datos de IP de los paquetes
3: encabezado de impresin y datos de Ethernet de paquetes
4: encabezado de impresin de los paquetes con nombre de la interfaz
5: encabezado de impresin y datos de IP de los paquetes con nombre de la interfaz
6: cabecera de impresin y los datos de Ethernet de paquetes con nombre de la interfaz
diag sniffer packet <interface> <'filter'> <verbose>

<count> a
Interface es la interface por la que se va a capturar
trafico.
Filter Filtro de la traza a capturar
Verbose nivel de detalle cmo se ha descrito ya
Count numero de paquetes a capturar
Ejemplos
# Paquete sniffer diag ninguno interna 4 3
interna en 192.168.0.1.22 -> 192.168.0.30.1144: psh 2859918764
1949135261 ack
interna en 192.168.0.1.22 -> 192.168.0.30.1144: psh 2859918816
1949135261 ack
interna a cabo 192.168. 0.30.1144 -> 192.168.0.1.22: ack 2859918884
diag sniffer packet internal none 5 1

internal in 192.168.0.1.22 -> 192.168.0.30.1144: psh 2867817048 ack
1951061933
0x0000
0x0010
0x0020
0x0030
0x0040
0x0050
4510
c0a8
5018
3eaf
08a9
bd9c
005c
001e
0b5c
3804
7907
b649
8eb1
0016
8ab9
3fee
202d
5318
4000
0478
0000
2555
5898
7fc5
4006
aaef
9819
8deb
a85c
c415
2a6b
6a58
880b
24da
facb
5a59
c0a8 0001 E..\..@.@.*k....

744a d7ad .......x..jXtJ..
f465 62a8 P..\.........eb.
dd0d c684 >.8.?.%U..$.....
8c0a f9e5 ..y..-X..\......
...IS.....ZY
# diag sniffer packet internal 'src host 192.168.0.130 and dst host
192.168.0.1' 1
192.168.0.130.3426 -> 192.168.0.1.80:
192.168.0.1.80 -> 192.168.0.130.3426:
192.168.0.130.3426 -> 192.168.0.1.80:
192.168.0.130.3426 -> 192.168.0.1.80:
192.168.0.1.80 -> 192.168.0.130.3426:
syn
syn
ack
psh
ack
1325244087
3483111189 ack 1325244088
3483111190
1325244088 ack 3483111190
1325244686
192.168.0.130.1035 -> 192.168.0.1.53: udp 26

192.168.0.130.1035 -> 192.168.0.1.53: udp 42
192.168.0.130.1035 -> 192.168.0.1.53: udp 42
192.168.0.130 -> 192.168.0.1: icmp: echo request
192.168.0.130.3426 -> 192.168.0.1.80: psh 1325244686 ack 3483111190
192.168.0.1.80 -> 192.168.0.130.3426: ack 1325244735
# diag sniffer packet internal 'src host 192.168.0.130 and dst host
192.168.0.1 and tcp' 1
192.168.0.130.3569 -> 192.168.0.1.23: syn 1802541497
192.168.0.1.23 -> 192.168.0.130.3569: syn 4238146022 ack 1802541498
192.168.0.130.3569 -> 192.168.0.1.23: ack 4238146023
# diag sniffer packet internal 'host 192.168.0.130 and icmp' 1

192.168.0.1 -> 192.168.0.130: icmp: echo reply
# diag sniffer packet internal 'host 192.168.0.130 or 192.168.0.1 and

tcp port 80' 1
192.168.0.130.3625 -> 192.168.0.1.80:
192.168.0.1.80 -> 192.168.0.130.3625:
192.168.0.130.3625 -> 192.168.0.1.80:
192.168.0.130.3625 -> 192.168.0.1.80:
192.168.0.1.80 -> 192.168.0.130.3625:
syn
syn
ack
psh
ack
2057246590
3291168205 ack 2057246591
3291168206
2057246591 ack 3291168206
2057247265
Filtrada se puede utilizar para mostrar paquetes basndose en su contenido, utilizando posicin de byte
hexadecimal.
Match TTL = 1
# diagnose sniffer packet port2 "ip[8:1] = 0x01"

Match Source IP address = 192.168.1.2:
# diagnose sniffer packet internal "(ether[26:4]=0xc0a80102)"

Match Source MAC = 00:09:0f:89:10:ea
# diagnose sniffer packet internal "(ether[6:4]=0x00090f89) and

(ether[10:2]=0x10ea)"
Match Destination MAC = 00:09:0f:89:10:ea
# diagnose sniffer packet internal "(ether[0:4]=0x00090f89) and

(ether[4:2]=0x10ea)"
Match ARP packets only
# diagnose sniffer packet internal "ether proto 0x0806"

TCP or UDP flags can be addressed using the following:
Match packets with RST flag set:
# diagnose sniffer packet internal "tcp[13] & 4 != 0"

Match packets with SYN flag set:
# diagnose sniffer packet internal "tcp[13] & 2 != 0"

Match packets with SYN-ACK flag set:
# diagnose sniffer packet internal "tcp[13] = 18"
Enlace documentacion tecnica http://docs.fortinet.com
1
2
3
4
5
6
7
8
9
1
0
1
1
1
2
1
3
1
4
1
5
1
6
1
7
1
8
1
9
2
0
2
1
Ver parmetros de la interface

diagnose hardware deviceinfo nic port1
Mostrar la configuracin general del appliance y estado de los

mdulos
get sys status
myfirewall1 # get sys status

Version: Fortigate-50B v4.0,build0535,120511 (MR3 Patch 7)
Virus-DB: 14.00000(2011-08-24 17:17)
Extended DB: 14.00000(2011-08-24 17:09)
IPS-DB: 3.00150(2012-02-15 23:15)
FortiClient application signature package: 1.529(2012-10-09 10:00)
Serial-Number: FGT50B1234567890
BIOS version: 04000010
Log hard disk: Not available
Hostname: myfirewall1
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Distribution: International
Branch point: 234
Release Version Information: MR3 Patch 7
System time: Thu Nov 15 13:12:30 2012
Mostrar las estadsticas del trfico hasta el momento:
get system performance firewall statistics

1
2
3
4
5
6
7
8
9
1
0
1
1
1
2
1
3
1
4
1
5
1
6
1
7
myfirewall1 # get system performance firewall statistics

getting traffic statistics...
Browsing: 544083 packets, 80679942 bytes
DNS: 19333 packets, 2400831 bytes
E-Mail: 52 packets, 3132 bytes
FTP: 0 packets, 0 bytes
Gaming: 0 packets, 0 bytes
IM: 0 packets, 0 bytes
Newsgroups: 0 packets, 0 bytes
P2P: 0 packets, 0 bytes
Streaming: 0 packets, 0 bytes
TFTP: 0 packets, 0 bytes
VoIP: 0 packets, 0 bytes
Generic TCP: 13460 packets, 1301879 bytes
Generic UDP: 7056 packets, 647156 bytes
Generic ICMP: 172 packets, 11804 bytes
Generic IP: 26 packets, 832 bytes
2
3
4
5
6
7
8
9
1
0
myfirewall1 # get system performance status

CPU states: 0% user 0% system 0% nice 100% idle
CPU0 states: 0% user 0% system 0% nice 100% idle
Memory states: 48% used
Average network usage: 1 kbps in 1 minute, 0 kbps in 10 minutes, 0 kbps in 30 minutes
Average sessions: 0 sessions in 1 minute, 0 sessions in 10 minutes, 0 sessions in 30
minutes
Average session setup rate: 0 sessions per second in last 1 minute, 0 sessions per second
in last 10 minutes, 0 sessions per second in last 30 minutes
Virus caught: 0 total in 1 minute
IPS attacks blocked: 0 total in 1 minute
Uptime: 24 days, 11 hours, 25 minutes
1
2
3
4
5
6
7
8
9
1
0
Mostrar el estado del CPU y tiempo prendido:

get system performance status
Mostrar el uso del CPU ordenado por los procesos de mayor peso:
get system performance top
myfirewall1 # get system performance top

Run Time: 24 days, 11 hours and 26 minutes
0U, 0S, 100I; 249T, 119F, 60KF
initXXXXXXXXXXX 1 S 0.0 4.5
cmdbsvr 23 S 0.0 6.8
zebos_launcher 27 S 0.0 4.7
uploadd 28 S 0.0 4.6
miglogd 29 S 0.0 5.9
miglogd 30 S 0.0 4.6
httpsd 31 S 0.0 7.0
nsm 32 S 0.0 1.1
1
1
1
2
1
3
1
4
1
5
1
6
1
7
1
8
1
9
2
0
2
1
2
2
2
3
ripd 33 S 0.0 0.9

ripngd 34 S 0.0 0.9
ospfd 35 S 0.0 0.9
proxyd 36 S 0.0 4.6
wad_diskd 37 S 0.0 4.6
scanunitd 38 S < 0.0 4.9
ospf6d 39 S 0.0 0.9
bgpd 40 S 0.0 1.0
isisd 41 S 0.0 0.9
proxyacceptor 42 S 0.0 0.7
proxyworker 43 S 0.0 1.8
getty 44 S < 0.0 4.6
1
2
3
4
5
6
7
8
9
1
0
1
1
1
2
myfirewall1 # get sys ha status

Model: 311
Mode: a-p
Group: 0
Debug: 0
ses_pickup: enable
Master:254 myfirewall1 FG311B1111111111 0
Slave :128 myfirewall2 FG311B1111111112 1
number of vcluster: 1
vcluster 1: work 10.0.0.1
Master:0 FG311B1111111111
Slave :1 FG311B1111111112
1
2
3
4
5
6
7
Mostrar el estado del mdulo de High Availability:

get sys ha status
Verificar la tabla de sesiones del Firewall:

diag sys session full-stat
myfirewall1 # diag sys session full-stat

session table: table_size=65536 max_depth=1 used=2
expect session table: table_size=1024 max_depth=0 used=0
misc info: session_count=1 setup_rate=0 exp_count=0 clash=0
memory_tension_drop=0 ephemeral=0/16368 removeable=0 ha_scan=0
delete=0, flush=0, dev_down=0/0
TCP sessions:
8
9
1
0
1
1
1
2
1
3
1
4
1
5
1
6
1
7
1
8
1
9
2
0
2
1
1 in ESTABLISHED state
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ids_recv=00000000
url_recv=00000000
av_recv=00000000
fqdn_count=00000000
tcp reset stat:
syncqf=0 acceptqf=0 no-listener=11025 data=0 ses=0 ips=0

Comandos Fortinet

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Comandos Fortinet

Transféré par

Droits d'auteur :

Formats disponibles

Captura de trafico

diag sniffer packet port1 'host 10.84.162.9' 4 2

diag sniffer packet <interface> <'filter'> <verbose>

diag sniffer packet internal none 5 1

c0a8 0001 E..\..@.@.*k....

192.168.0.130.1035 -> 192.168.0.1.53: udp 26

# diag sniffer packet internal 'host 192.168.0.130 and icmp' 1

# diag sniffer packet internal 'host 192.168.0.130 or 192.168.0.1 and

# diagnose sniffer packet port2 "ip[8:1] = 0x01"

# diagnose sniffer packet internal "(ether[26:4]=0xc0a80102)"

# diagnose sniffer packet internal "(ether[6:4]=0x00090f89) and

# diagnose sniffer packet internal "(ether[0:4]=0x00090f89) and

Match ARP packets only

# diagnose sniffer packet internal "ether proto 0x0806"

# diagnose sniffer packet internal "tcp[13] & 4 != 0"

# diagnose sniffer packet internal "tcp[13] & 2 != 0"

# diagnose sniffer packet internal "tcp[13] = 18"

Enlace documentacion tecnica http://docs.fortinet.com

Ver parmetros de la interface

Mostrar la configuracin general del appliance y estado de los

myfirewall1 # get sys status

Mostrar las estadsticas del trfico hasta el momento:

get system performance firewall statistics

myfirewall1 # get system performance firewall statistics

myfirewall1 # get system performance status

Mostrar el estado del CPU y tiempo prendido:

myfirewall1 # get system performance top

ripd 33 S 0.0 0.9

myfirewall1 # get sys ha status

Mostrar el estado del mdulo de High Availability:

Verificar la tabla de sesiones del Firewall:

myfirewall1 # diag sys session full-stat

Vous aimerez peut-être aussi