CP防火墙排错装逼三件套

1.tcpdump 通常用来抓包处理经过网卡的交互包

[Expert@BJ-OFFICE-GW:0]# tcpdump -nni any host 10.158.1.100 -w /var/log/tcpdump20190821.cap
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes

2.fw monitor 通常用来通过CP的虚连接来查看报文的交互过程，最常用

fw monitor -e "host (x.x.x.x) or  host(y.y.y.y), accept;"  -o /var/log/20190821.cap

[Expert@BJ-OFFICE-GW:0]# fw monitor -e "host (10.158.1.100) , accept;" -o /var/log/2019082102.cap
monitor: getting filter (from command line)
monitor: compiling
monitorfilter:
Compiled OK.
monitor: loading
monitor: monitoring (control-C to stop)
933 monitor: caught sig 2
monitor: unloading

3. fw ctl zdebug 工具

# fw ctl zdebug + drop | grep 10.158.1.100> /var/log/2019082203.txt

[Expert@BJ-OFFICE-GW:0]# fw ctl zdebug + drop | grep 10.158.1.100> /var/log/2019082203.txt