TCP Dump
#tcpdump -nni 0.0 host 10.1.64.138 or host 10.1.1.1
-n - disable name resolution
>file.txt - save to a text file
src host <ip_address> / dst host <ip_address> / src port <port> / dst port <port>
tcpdump src host 172.16.101.20 and dst host 10.90.100.1
-vvv - maximum verbosity
-i <if_number or vlan>
-c (count) number of packets to capture
Additional filters:
host
src 10.2.2.2
dst 10.1.11
net 10.0.0.0/8
tcp/udp/icmp
port
-s 2000 - the amount of each packet to capture (bytes), -s0 - capture the whole packet
#tcpdump -nni 0.0 -s0 host 10.1.64.138 or host 10.1.1.1 -w /var/tmp/capture1.pcap
Example
sudo tcpdump -c 10 -s 1500 src 10.113.88.2 and dst 10.113.88.6 and port 514 and udp
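An added example, not from the original page: once `tcpdump -nn` output has been saved to a text file with `>file.txt`, this script counts packets per source -> destination:port flow, for instance to confirm that 10.113.88.2 really is delivering syslog to 10.113.88.6 on port 514. The function names and sample lines are constructed for illustration; default timestamp output (one leading field) and IPv4 are assumed.

```bash
#!/usr/bin/env bash
# Added example: per-flow packet counts from saved `tcpdump -nn` text output.
# Assumption: default timestamps, so fields are: time IP src.port > dst.port: ...

# Constructed sample lines, not a real capture.
sample_capture() {
cat <<'EOF'
10:15:01.000101 IP 10.113.88.2.40112 > 10.113.88.6.514: SYSLOG local0.info, length: 96
10:15:01.000512 IP 10.113.88.2.40112 > 10.113.88.6.514: SYSLOG local0.info, length: 101
10:15:02.104220 IP 10.113.88.2.40113 > 10.113.88.6.514: SYSLOG auth.notice, length: 88
10:15:02.300001 IP 172.16.101.20.51844 > 10.90.100.1.443: Flags [S], seq 1, win 29200, length 0
10:15:02.300410 ARP, Request who-has 10.90.100.1 tell 172.16.101.20, length 28
10:15:03.000001 IP 10.1.97.74 > 10.1.68.129: ICMP echo request, id 1, seq 1, length 64
EOF
}

# flow_summary: reads tcpdump -nn lines on stdin and prints
# "<packets> <src ip> -> <dst ip>:<dst port>", busiest flow first.
# The ephemeral source port is dropped so one sender counts as one flow.
flow_summary() {
  awk '
    $2 == "IP" && $4 == ">" {
      ns = split($3, s, ".")          # a.b.c.d.sport
      dst = $5; sub(/:$/, "", dst)    # strip the trailing colon
      nd = split(dst, d, ".")         # a.b.c.d.dport
      if (ns != 5 || nd != 5) next    # no ports (e.g. ICMP): skip
      key = s[1]"."s[2]"."s[3]"."s[4] " -> " d[1]"."d[2]"."d[3]"."d[4] ":" d[5]
      count[key]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k1,1nr -k2
}

# Real use: flow_summary < file.txt
if [ "${1:-}" = "--demo" ]; then sample_capture | flow_summary; fi
```

Lines that are not IPv4 TCP/UDP (ARP, ICMP, IP6) are ignored rather than miscounted.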
SSL Dump
To save capture to file:
tcpdump -vvv -s 0 -nni asmltm-outside-cd03 -w /var/tmp/ssl-capture.pcap
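To decode TLS traffic with ssldump (the -i form below reads live from the capture VLAN; use -r <capture file> in place of -i to read the saved file):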
ssldump -A -d -k <key file> -n -i <capture VLAN> <traffic expression>
-A Print all fields
-d Show application data when private key is provided via -k
-k Private key file, found in /config/ssl/ssl.key/; the key file can be located under client SSL profile
-n Do not try to resolve PTR records for IP addresses
-i The capture VLAN name is the ingress VLAN for the TLS traffic
Device certificate file location:
/config/httpd/conf/ssl.crt/server.crt
Device key file location:
/config/httpd/conf/ssl.key/server.key
Analytics capture filter
Ping
ping 10.1.97.74%2 -I 10.1.68.129
-c - count
-I - source interface or address
Tracepath - allows you to specify a port:
tracepath -nc 10.1.1.1/443
To start shell:
run /util bash
exit
Useful tmsh troubleshooting commands
Note: show displays live information about a configuration object, while list displays the configuration for that object
To show current sessions over the device. Options are (cc-
#show sys connection {options}
#list /net self
#list /net route
Unix Test access to servers/VIP from a host:
HTTP:
curl -v http://10.1.1.1:343
HTTPS:
wget --no-check-certificate https://10.1.1.1:343
curl -v https://10.1.1.1:343
Any TCP:
telnet 10.1.1.1 343
UDP:
iperf -c 10.1.1.1 -p 53 -u
(-c - client mode, -p - port, -t - test duration in seconds, -u - UDP; TCP is the default)
Example:
iperf -c 192.168.66.1 -u -b 100m -t 30
To test your VPN SSL settings:
https://www.ssllabs.com/ssltest/