Source:172.24.173.10 Destination:172.25.112.22 (Configured on CP interface) #tcpdump -nnei any host 172.24.173.10 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes 17:42:11.718205 In 88:15:44:38:01:a3 ethertype 802.1Q (0x8100), length 72: vlan 1135, p 0, ethertype IPv4, 172.24.173.10.49553 > 172.25.112.22.22: Flags [SEW], seq 4168280369, win 8192, options [mss 1392,nop,wscale 8,nop,nop,sackOK], length 0 17:42:11.718207 In 88:15:44:38:01:a3 ethertype IPv4 (0x0800), length 68: 172.24.173.10.49553 > 172.25.112.22.22: Flags [SEW], seq 4168280369, win 8192, options [mss 1392,nop,wscale 8,nop,nop,sackOK], length 0 17:42:11.718882 Out 00:01:00:00:fd:00 ethertype IPv4 (0x0800), length 68: 172.24.173.10.49553 > 172.25.112.22.22: Flags [SEW], seq 4168280369, win 8192, options [mss 1392,nop,wscale 8,nop,nop,sackOK], length 0 17:42:14.741559 In 88:15:44:38:01:a3 ethertype 802.1Q (0x8100), length 72: vlan 1135, p 0, ethertype IPv4, 172.24.173.10.49553 > 172.25.112.22.22: Flags [SEW], seq 4168280369, win 8192, options [mss 1392,nop,wscale 8,nop,nop,sackOK], length 0 17:42:14.741562 In 88:15:44:38:01:a3 ethertype IPv4 (0x0800), length 68: 172.24.173.10.49553 > 172.25.112.22.22: Flags [SEW], seq 4168280369, win 8192, options [mss 1392,nop,wscale 8,nop,nop,sackOK], length 0 17:42:14.741673 Out 00:01:00:00:fd:00 ethertype IPv4 (0x0800), length 68: 172.24.173.10.49553 > 172.25.112.22.22: Flags [SEW], seq 4168280369, win 8192, options [mss 1392,nop,wscale 8,nop,nop,sackOK], length 0 17:42:20.720697 In 88:15:44:38:01:a3 ethertype 802.1Q (0x8100), length 68: vlan 1135, p 0, ethertype IPv4, 172.24.173.10.49553 > 172.25.112.22.22: Flags [S], seq 4168280369, win 8192, options [mss 1392,nop,nop,sackOK], length 0 17:42:20.720699 In 88:15:44:38:01:a3 ethertype IPv4 (0x0800), length 64: 172.24.173.10.49553 > 172.25.112.22.22: Flags [S], seq 4168280369, win 8192, options [mss 1392,nop,nop,sackOK], length 0 17:42:20.720856 Out 00:01:00:00:fd:00 ethertype IPv4 (0x0800), length 64: 172.24.173.10.49553 > 172.25.112.22.22: Flags [S], seq 4168280369, win 8192, options [mss 1392,nop,nop,sackOK], length 0 ^C 9 packets captured 56 packets received by filter 8 packets dropped by kernel # fw monitor -e 'accept host(172.24.173.10);' PPAK 0: Get before set operation succeeded of fwmonitor_kiss_enable PPAK 0: Get before set operation succeeded of simple_debug_filter_off PPAK 0: Get before set operation succeeded of kiss_debug_force_kdprintf_enable PPAK 0: Get before set operation succeeded of fwmonitorfreebufs ************************************************************** NOTE ************************************************************** *** Using "-e" filter will not monitor accelerated traffic. To monitor and filter accelerated traffic please use the "-F" filter *** ************************************************************************************************************************************ FW monitor will record only ip & transport layers in a packet For capturing the whole packet please do -w PPAK 0: Get before set operation succeeded of fwmonitor_ppak_all_position monitor: getting filter (from command line) monitor: compiling monitorfilter: Compiled OK. monitor: loading monitor: monitoring (control-C to stop) PPAK 0: Get before set operation succeeded of fwmonitormaxpacket PPAK 0: Get before set operation succeeded of fwmonitormask PPAK 0: Get before set operation succeeded of printuuid PPAK 0: Get before set operation succeeded of fwmonitorallocbufs [vs_0][fw_2] eth4.1135:i[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=52 id=27885 TCP: 49594 -> 22 .S.... seq=14442ac1 ack=00000000 [vs_0][fw_2] eth4.1135:I[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=52 id=27885 TCP: 49594 -> 22 .S.... seq=14442ac1 ack=00000000 [vs_0][fw_2] eth4.1135:i[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=52 id=27886 TCP: 49594 -> 22 .S.... seq=14442ac1 ack=00000000 [vs_0][fw_2] eth4.1135:I[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=52 id=27886 TCP: 49594 -> 22 .S.... seq=14442ac1 ack=00000000 [vs_0][fw_2] eth4.1135:i[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=48 id=27887 TCP: 49594 -> 22 .S.... seq=14442ac1 ack=00000000 [vs_0][fw_2] eth4.1135:I[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=48 id=27887 TCP: 49594 -> 22 .S.... seq=14442ac1 ack=00000000 [vs_0][fw_0] eth4.1135:i[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=52 id=27888 TCP: 49607 -> 22 .S.... seq=eea159ee ack=00000000 [vs_0][fw_0] eth4.1135:I[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=52 id=27888 TCP: 49607 -> 22 .S.... seq=eea159ee ack=00000000 [vs_0][fw_0] eth4.1135:i[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=52 id=27889 TCP: 49607 -> 22 .S.... seq=eea159ee ack=00000000 [vs_0][fw_0] eth4.1135:I[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=52 id=27889 TCP: 49607 -> 22 .S.... seq=eea159ee ack=00000000 [vs_0][fw_0] eth4.1135:i[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=48 id=27890 TCP: 49607 -> 22 .S.... seq=eea159ee ack=00000000 [vs_0][fw_0] eth4.1135:I[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=48 id=27890 TCP: 49607 -> 22 .S.... seq=eea159ee ack=00000000 [vs_0][fw_2] eth4.1135:i[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=52 id=27891 TCP: 49638 -> 22 .S.... seq=3b25345e ack=00000000 [vs_0][fw_2] eth4.1135:I[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=52 id=27891 TCP: 49638 -> 22 .S.... seq=3b25345e ack=00000000 [vs_0][fw_2] eth4.1135:i[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=52 id=27892 TCP: 49638 -> 22 .S.... seq=3b25345e ack=00000000 [vs_0][fw_2] eth4.1135:I[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=52 id=27892 TCP: 49638 -> 22 .S.... seq=3b25345e ack=00000000 [vs_0][fw_2] eth4.1135:i[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=48 id=27893 TCP: 49638 -> 22 .S.... seq=3b25345e ack=00000000 [vs_0][fw_2] eth4.1135:I[44]: 172.24.173.10 -> 172.25.112.22 (TCP) len=48 id=27893 TCP: 49638 -> 22 .S.... seq=3b25345e ack=00000000 ^C monitor: caught sig 2 monitor: unloading PPAK 0: Get before set operation succeeded of fwmonitor_kiss_enable PPAK 0: Get before set operation succeeded of simple_debug_filter_off PPAK 0: Get before set operation succeeded of kiss_debug_force_kdprintf_enable PPAK 0: Get before set operation succeeded of fwmonitorfreebufs