Display on the Console
In the process of troubleshooting a PIX firewall problem by capturing data,
viewing the capture on the console is probably the best live option. If you
opt to use the console for this purpose, it is best if you keep the packet-length
short enough to get the primary headers (IP, TCP, etc.), because you can easily
become confused scrolling through large amounts of data on the simple
textual console. To view a capture on the console, use the show capture command:
show capture
[dump]
If you have captured a large amount of data, you can filter it by specifying an
access-list in this command, which acts as a display filter. The count parameter is
used to limit the number of packets displayed on the screen. The detail parameter
increases the level of detail displayed. The dump parameter specifies that the data
should be displayed in hex (this does not display MAC information). An example
packet capture is displayed in Figure 10.24.
Figure 10.24 Packet Capture Example
PIX1# show capture inside-traffic count 6
71 packets captured
www.syngress.com
600 Chapter 10 • Troubleshooting and Performance Monitoring
17:29:35.648434 192.168.2.1.23 > 192.168.2.2.11002: P 942178590:942178597
(7) ack 2099017897 win 4096(fragment-packet)
17:29:35.848207 192.168.2.2.11002 > 192.168.2.1.23: . ack 942178597 win
3531(fragment-packet)
17:29:37.610258 192.168.2.2.11002 > 192.168.2.1.23: P 2099017897:
2099017898(1) ack 942178597 win 3531(fragment-packet)
17:29:37.610442 192.168.2.1.23 > 192.168.2.2.11002: . ack 2099017898 win
4095(fragment-packet)
17:29:37.610686 192.168.2.1.23 > 192.168.2.2.11002: P 942178597:942178598
(1) ack 2099017898 win 4096(fragment-packet)
17:29:37.808155 192.168.2.2.11002 > 192.168.2.1.23: . ack 942178598 win
3530(fragment-packet)
Notice how the acknowledgments (ACKs) are incrementing. This particular
capture was part of a Telnet session between 192.168.2.1 and 192.168.2.2; the 23
at the end of 192.168.2.1 tells you that it is the Telnet server. At this point, you
should have a good idea just how useful capture can be in the troubleshooting
process.
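The ACK progression pointed out above can also be checked mechanically once the console output has been saved to a file. The following Python sketch is an added example, not part of the original text or of any Cisco tooling; the names parse_capture and check_acks are hypothetical, and the sample is the Figure 10.24 output with its printed line wraps rejoined.

```python
import re

# The six lines from Figure 10.24, with the printed line wraps rejoined.
SAMPLE = """\
17:29:35.648434 192.168.2.1.23 > 192.168.2.2.11002: P 942178590:942178597(7) ack 2099017897 win 4096(fragment-packet)
17:29:35.848207 192.168.2.2.11002 > 192.168.2.1.23: . ack 942178597 win 3531(fragment-packet)
17:29:37.610258 192.168.2.2.11002 > 192.168.2.1.23: P 2099017897:2099017898(1) ack 942178597 win 3531(fragment-packet)
17:29:37.610442 192.168.2.1.23 > 192.168.2.2.11002: . ack 2099017898 win 4095(fragment-packet)
17:29:37.610686 192.168.2.1.23 > 192.168.2.2.11002: P 942178597:942178598(1) ack 2099017898 win 4096(fragment-packet)
17:29:37.808155 192.168.2.2.11002 > 192.168.2.1.23: . ack 942178598 win 3530(fragment-packet)
"""

# time  src-ip.port > dst-ip.port: flags [seq:end(len)] ack N win N
LINE = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"(?P<flags>\S+)(?: (?P<seq>\d+):(?P<end>\d+)\s*\((?P<len>\d+)\))?"
    r" ack (?P<ack>\d+) win (?P<win>\d+)")

def parse_capture(text):
    """Return one dict per TCP line; numeric fields are ints (None if absent)."""
    packets = []
    for m in LINE.finditer(text):
        p = m.groupdict()
        for k in ("sport", "dport", "seq", "end", "len", "ack", "win"):
            p[k] = int(p[k]) if p[k] is not None else None
        packets.append(p)
    return packets

def check_acks(packets):
    """List (time, ack seen, ack expected) where an ACK differs from the
    peer's last captured sequence end. A mismatch is not proof of a fault:
    it marks a spot worth a look (loss, retransmission, delayed ACK, or
    packets the capture did not record)."""
    next_seq = {}   # (ip, port) -> next sequence number expected from it
    problems = []
    for p in packets:
        src, dst = (p["src"], p["sport"]), (p["dst"], p["dport"])
        if dst in next_seq and p["ack"] != next_seq[dst]:
            problems.append((p["ts"], p["ack"], next_seq[dst]))
        if p["end"] is not None:
            next_seq[src] = p["end"]
    return problems

if __name__ == "__main__":
    pkts = parse_capture(SAMPLE)
    print(len(pkts), "packets,", check_acks(pkts) or "ACKs consistent")
```

On the figure's six packets the check reports no mismatches, which matches the steady ACK progression described in the text.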