FWSM: What source IP is hitting the inbound

Unanswered Question
Oct 21st, 2008
Can someone advise me of commands that will explicitly indicate if a source IP or subnet is arriving on an interface? (The source could be allowed or not allowed.)

Farrukh Haroon Wed, 10/22/2008 - 02:47

Do you mean to capture the packets from a particular source once they reach the firewall, or do you want to know IF a packet with this specific source IP would come, will it be allowed through?


For the first you have the capture command on the FWSM AFAIK. For the second command there is no 'automated' process on the FWSM. On the ASA/PIX there is! It's called the 'packet-tracer' command. On the FWSM you can just check the ACL applied on that interface manually.


Regards


Farrukh

s.srivas Tue, 11/04/2008 - 08:53

Dear Farrukh,


Thanks for the reply. The capture command proved useful.


However, I would like to know how to display the details of currently active connections, such as source IP, etc.

Farrukh Haroon Tue, 11/04/2008 - 21:58

You can use the 'show connection' command for this purpose. It also has some optional keywords like 'detailed' etc.


You can also download an evaluation of fireplotter (fireplotter.com) to get a nice filterable GUI.


Regards


Farrukh
