Fortinet commands


Description: Fortinet CLI command guide

Traffic capture
diag sniffer packet port1 'host 10.84.162.9' 4 2

Verbose levels in detail:
1: print packet headers
2: print packet headers and IP data
3: print packet headers and Ethernet data
4: print packet headers with interface name
5: print packet headers and IP data with interface name
6: print packet headers and Ethernet data with interface name

diag sniffer packet <interface> <'filter'> <verbose> <count>

Interface: the interface on which traffic is captured.
Filter: the filter applied to the trace being captured.
Verbose: the level of detail, as described above.
Count: the number of packets to capture.

Examples
# diag sniffer packet internal none 4 3
internal in 192.168.0.1.22 -> 192.168.0.30.1144: psh 2859918764 ack 1949135261
internal in 192.168.0.1.22 -> 192.168.0.30.1144: psh 2859918816 ack 1949135261
internal out 192.168.0.30.1144 -> 192.168.0.1.22: ack 2859918884

# diag sniffer packet internal none 5 1
internal in 192.168.0.1.22 -> 192.168.0.30.1144: psh 2867817048 ack 1951061933
0x0000   4510 005c 8eb1 4000 4006 2a6b c0a8 0001        E..\..@.@.*k....
0x0010   c0a8 001e 0016 0478 aaef 6a58 744a d7ad        .......x..jXtJ..
0x0020   5018 0b5c 8ab9 0000 9819 880b f465 62a8        P..\.........eb.
0x0030   3eaf 3804 3fee 2555 8deb 24da dd0d c684        >.8.?.%U..$.....
0x0040   08a9 7907 202d 5898 a85c facb 8c0a f9e5        ..y..-X..\......
0x0050   bd9c b649 5318 7fc5 c415 5a59                  ...IS.....ZY

# diag sniffer packet internal 'src host 192.168.0.130 and dst host 192.168.0.1' 1
192.168.0.130.3426 -> 192.168.0.1.80: syn 1325244087
192.168.0.1.80 -> 192.168.0.130.3426: syn 3483111189 ack 1325244088
192.168.0.130.3426 -> 192.168.0.1.80: ack 3483111190
192.168.0.130.3426 -> 192.168.0.1.80: psh 1325244088 ack 3483111190
192.168.0.1.80 -> 192.168.0.130.3426: ack 1325244686
192.168.0.130.1035 -> 192.168.0.1.53: udp 26
192.168.0.130.1035 -> 192.168.0.1.53: udp 42
192.168.0.130.1035 -> 192.168.0.1.53: udp 42
192.168.0.130 -> 192.168.0.1: icmp: echo request
192.168.0.130.3426 -> 192.168.0.1.80: psh 1325244686 ack 3483111190
192.168.0.1.80 -> 192.168.0.130.3426: ack 1325244735
192.168.0.130 -> 192.168.0.1: icmp: echo request

# diag sniffer packet internal 'src host 192.168.0.130 and dst host 192.168.0.1 and tcp' 1
192.168.0.130.3569 -> 192.168.0.1.23: syn 1802541497
192.168.0.1.23 -> 192.168.0.130.3569: syn 4238146022 ack 1802541498
192.168.0.130.3569 -> 192.168.0.1.23: ack 4238146023

# diag sniffer packet internal 'host 192.168.0.130 and icmp' 1
192.168.0.130 -> 192.168.0.1: icmp: echo request
192.168.0.1 -> 192.168.0.130: icmp: echo reply

# diag sniffer packet internal 'host 192.168.0.130 or 192.168.0.1 and tcp port 80' 1
192.168.0.130.3625 -> 192.168.0.1.80: syn 2057246590
192.168.0.1.80 -> 192.168.0.130.3625: syn 3291168205 ack 2057246591
192.168.0.130.3625 -> 192.168.0.1.80: ack 3291168206
192.168.0.130.3625 -> 192.168.0.1.80: psh 2057246591 ack 3291168206
192.168.0.1.80 -> 192.168.0.130.3625: ack 2057247265
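The sniffer output above is plain text, so a short parser turns a capture into a per-protocol summary and a list of completed TCP handshakes, which is usually what you want to know when checking whether a flow really reaches the far side. This is an added example written for this page, not FortiOS code or output; the SAMPLE text is constructed from lines shown in the examples above, and the regular expression assumes the verbose-1 and verbose-4 line formats shown here (IPv4 endpoints with a trailing port number, optional interface name and direction prefix).

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: verbose-4 lines (interface + direction prefix) and
# verbose-1 lines (no prefix) copied from the examples above, mixed together
# to show that both formats parse with the same expression.
SAMPLE = """\
internal in 192.168.0.1.22 -> 192.168.0.30.1144: psh 2859918764 ack 1949135261
internal out 192.168.0.30.1144 -> 192.168.0.1.22: ack 2859918884
192.168.0.130.3426 -> 192.168.0.1.80: syn 1325244087
192.168.0.1.80 -> 192.168.0.130.3426: syn 3483111189 ack 1325244088
192.168.0.130.3426 -> 192.168.0.1.80: ack 3483111190
192.168.0.130.1035 -> 192.168.0.1.53: udp 26
192.168.0.130 -> 192.168.0.1: icmp: echo request
192.168.0.1 -> 192.168.0.130: icmp: echo reply
"""

LINE_RE = re.compile(
    r"^(?:(?P<iface>\S+)\s+(?P<dir>in|out)\s+)?"   # present only at verbose 4-6
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+):\s+(?P<rest>.*)$"
)


@dataclass
class Packet:
    iface: Optional[str]
    direction: Optional[str]
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]
    proto: str
    flags: frozenset = field(default_factory=frozenset)


def _split_endpoint(ep):
    # "a.b.c.d.port" carries four dots; a bare IPv4 address (ICMP) has three.
    if ep.count(".") == 4:
        ip, port = ep.rsplit(".", 1)
        return ip, int(port)
    return ep, None


def parse_line(line):
    """Parse one sniffer line; returns None for lines that are not packets."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src_ip, src_port = _split_endpoint(m["src"])
    dst_ip, dst_port = _split_endpoint(m["dst"])
    rest = m["rest"]
    if rest.startswith("icmp"):
        proto, flags = "icmp", frozenset()
    elif rest.startswith("udp"):
        proto, flags = "udp", frozenset()
    else:
        # TCP: the alphabetic tokens are the flag names (syn, ack, psh, ...),
        # the numeric ones are sequence / acknowledgement numbers.
        proto = "tcp"
        flags = frozenset(t for t in rest.split() if t.isalpha())
    return Packet(m["iface"], m["dir"], src_ip, src_port, dst_ip, dst_port,
                  proto, flags)


def parse_capture(text):
    return [p for p in (parse_line(l) for l in text.splitlines()) if p]


def protocol_counts(packets):
    return Counter(p.proto for p in packets)


def completed_handshakes(packets):
    """Return (client_ip, client_port, server_ip, server_port) tuples for
    which a SYN, the matching SYN-ACK and a following ACK all appear."""
    syn, synack, ack = set(), set(), set()
    for p in packets:
        if p.proto != "tcp":
            continue
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        rev = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if p.flags == {"syn"}:
            syn.add(key)
        elif p.flags == {"syn", "ack"}:
            synack.add(rev)          # record it as seen from the client side
        elif "ack" in p.flags:
            ack.add(key)
    return sorted(syn & synack & ack)


if __name__ == "__main__":
    pkts = parse_capture(SAMPLE)
    print(protocol_counts(pkts))
    print(completed_handshakes(pkts))
```

A SYN that never gets its SYN-ACK (or a SYN-ACK with no final ACK) shows up as missing from completed_handshakes, which is the quickest way to tell a policy drop or a dead server from a working path when the capture is only a handful of packets.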

Filters can also match packets on their content, using hexadecimal byte offsets.
Match TTL = 1
# diagnose sniffer packet port2 "ip[8:1] = 0x01"
Match source IP address = 192.168.1.2:
# diagnose sniffer packet internal "(ether[26:4]=0xc0a80102)"
Match source MAC = 00:09:0f:89:10:ea
# diagnose sniffer packet internal "(ether[6:4]=0x00090f89) and (ether[10:2]=0x10ea)"
Match destination MAC = 00:09:0f:89:10:ea
# diagnose sniffer packet internal "(ether[0:4]=0x00090f89) and (ether[4:2]=0x10ea)"
Match ARP packets only
# diagnose sniffer packet internal "ether proto 0x0806"
TCP or UDP flags can be addressed using the following:
Match packets with RST flag set:
# diagnose sniffer packet internal "tcp[13] & 4 != 0"
Match packets with SYN flag set:
# diagnose sniffer packet internal "tcp[13] & 2 != 0"
Match packets with SYN-ACK flag set:
# diagnose sniffer packet internal "tcp[13] = 18"
Technical documentation link: http://docs.fortinet.com
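To see what these byte-offset filters actually test, the following added example (written for this page, not Fortinet's code) decodes the verbose-5 hex dump from the "diag sniffer packet internal none 5 1" example above, evaluates ip[8:1] and tcp[13] on the resulting bytes, and builds the same filter strings listed in this section from an IP address, a MAC address or a set of TCP flags. It assumes a verbose-5 dump starts at the IP header, so the ether[...] offsets used on the page are 14 bytes larger because of the Ethernet header (which is why the source IP sits at ether[26:4]); the ether[30:4] offset used by dst_ip_filter is derived from that layout and is not one of the page's own examples.

```python
import ipaddress
import re

# Constructed input: the verbose-5 hex dump shown above. Verbose 5 prints the
# packet from the IP header onward, so byte 0 here is the IP version/IHL byte.
HEXDUMP = r"""
0x0000   4510 005c 8eb1 4000 4006 2a6b c0a8 0001        E..\..@.@.*k....
0x0010   c0a8 001e 0016 0478 aaef 6a58 744a d7ad        .......x..jXtJ..
0x0020   5018 0b5c 8ab9 0000 9819 880b f465 62a8        P..\.........eb.
0x0030   3eaf 3804 3fee 2555 8deb 24da dd0d c684        >.8.?.%U..$.....
0x0040   08a9 7907 202d 5898 a85c facb 8c0a f9e5        ..y..-X..\......
0x0050   bd9c b649 5318 7fc5 c415 5a59                  ...IS.....ZY
"""

# Bit values of the TCP flags byte (offset 13 in the TCP header).
TCP_FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
                 "psh": 0x08, "ack": 0x10, "urg": 0x20}


def parse_hexdump(text):
    """Collect the hex words of each dump line and drop the ASCII column."""
    data = bytearray()
    for line in text.splitlines():
        words = line.split()
        if not words or not words[0].startswith("0x"):
            continue
        for w in words[1:9]:                    # at most 16 bytes per line
            if not re.fullmatch(r"[0-9a-fA-F]{4}", w):
                break                           # reached the ASCII column
            data += bytes.fromhex(w)
    return bytes(data)


def ip_field(pkt, offset, length=1):
    """Evaluate ip[offset:length] on a dump that starts at the IP header."""
    return int.from_bytes(pkt[offset:offset + length], "big")


def tcp_field(pkt, offset, length=1):
    """Evaluate tcp[offset:length]; the TCP header follows IHL*4 IP bytes."""
    ihl = (pkt[0] & 0x0F) * 4
    return int.from_bytes(pkt[ihl + offset:ihl + offset + length], "big")


def tcp_flag_names(flags_byte):
    return [name for name, bit in TCP_FLAG_BITS.items() if flags_byte & bit]


def describe(pkt):
    """Summarise the header fields a byte-offset filter would compare."""
    return {
        "ttl": ip_field(pkt, 8),
        "proto": ip_field(pkt, 9),
        "src": str(ipaddress.IPv4Address(ip_field(pkt, 12, 4))),
        "dst": str(ipaddress.IPv4Address(ip_field(pkt, 16, 4))),
        "sport": tcp_field(pkt, 0, 2),
        "dport": tcp_field(pkt, 2, 2),
        "flags": tcp_flag_names(tcp_field(pkt, 13)),
    }


def src_ip_filter(ip):
    """ether[26:4]: 14-byte Ethernet header + IPv4 source at IP offset 12."""
    return f"(ether[26:4]=0x{int(ipaddress.IPv4Address(ip)):08x})"


def dst_ip_filter(ip):
    """ether[30:4]: same layout, IPv4 destination at IP offset 16 (derived)."""
    return f"(ether[30:4]=0x{int(ipaddress.IPv4Address(ip)):08x})"


def mac_filter(mac, destination=False):
    """Split the 6-byte MAC into a 4-byte and a 2-byte compare, as the
    page's examples do; destination MAC is at ether[0], source at ether[6]."""
    raw = bytes.fromhex(mac.replace(":", ""))
    base = 0 if destination else 6
    return (f"(ether[{base}:4]=0x{raw[:4].hex()}) and "
            f"(ether[{base + 4}:2]=0x{raw[4:].hex()})")


def tcp_flag_filter(*names, exact=False):
    """'& mask != 0' matches any of the flags; '= mask' needs exactly them."""
    mask = sum(TCP_FLAG_BITS[n] for n in names)
    return f"tcp[13] = {mask}" if exact else f"tcp[13] & {mask} != 0"


if __name__ == "__main__":
    pkt = parse_hexdump(HEXDUMP)
    print(describe(pkt))
    print(src_ip_filter("192.168.1.2"), mac_filter("00:09:0f:89:10:ea"))
    print(tcp_flag_filter("syn", "ack", exact=True))
```

Two things the decoded dump makes visible: the TTL filter "ip[8:1] = 0x01" would not match this packet because its TTL byte is 0x40, and the SYN-ACK filter "tcp[13] = 18" is an exact compare (18 = 0x12 = SYN + ACK), so it will not match this PSH-ACK segment (0x18) even though ACK is set, whereas the "& mask != 0" forms match any packet carrying the flag.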

Show interface parameters:
diagnose hardware deviceinfo nic port1

Show the appliance's general configuration and module status:
get sys status

myfirewall1 # get sys status
Version: Fortigate-50B v4.0,build0535,120511 (MR3 Patch 7)
Virus-DB: 14.00000(2011-08-24 17:17)
Extended DB: 14.00000(2011-08-24 17:09)
IPS-DB: 3.00150(2012-02-15 23:15)
FortiClient application signature package: 1.529(2012-10-09 10:00)
Serial-Number: FGT50B1234567890
BIOS version: 04000010
Log hard disk: Not available
Hostname: myfirewall1
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Distribution: International
Branch point: 234
Release Version Information: MR3 Patch 7
System time: Thu Nov 15 13:12:30 2012
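Because "get sys status" prints simple "Key: value" lines, it can be parsed to compare the device's own clock with the signature package timestamps; in the output above the Virus-DB package is dated 2011-08-24 while the system time is 2012-11-15, which is the kind of drift worth alerting on when auditing a firewall. This is an added example written for this page, not Fortinet's code; SYS_STATUS is a constructed excerpt of the output shown above, and the 30-day threshold is an arbitrary assumption.

```python
import re
from datetime import datetime

# Constructed input: an excerpt of the 'get sys status' output shown above.
SYS_STATUS = """\
Version: Fortigate-50B v4.0,build0535,120511 (MR3 Patch 7)
Virus-DB: 14.00000(2011-08-24 17:17)
Extended DB: 14.00000(2011-08-24 17:09)
IPS-DB: 3.00150(2012-02-15 23:15)
FortiClient application signature package: 1.529(2012-10-09 10:00)
Serial-Number: FGT50B1234567890
Hostname: myfirewall1
Operation Mode: NAT
Current HA mode: standalone
System time: Thu Nov 15 13:12:30 2012
"""

# Signature packages print as "<version>(<YYYY-MM-DD HH:MM>)".
SIG_RE = re.compile(r"^(?P<ver>[\d.]+)\((?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d)\)$")
# Firmware line: "... v4.0,build0535,..."
VERSION_RE = re.compile(r"(v[\d.]+),(build\d+)")


def parse_status(text):
    """Split 'Key: value' lines into a dict; the first colon is the separator,
    so values that themselves contain colons (timestamps) stay intact."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields[key.strip()] = value.strip()
    return fields


def firmware_version(fields):
    m = VERSION_RE.search(fields.get("Version", ""))
    return (m.group(1), m.group(2)) if m else None


def signature_ages(fields):
    """Whole days between each signature package timestamp and the device
    clock, using the device's own 'System time' rather than the host clock."""
    now = datetime.strptime(fields["System time"], "%a %b %d %H:%M:%S %Y")
    ages = {}
    for key, value in fields.items():
        m = SIG_RE.match(value)
        if m:
            stamp = datetime.strptime(m["stamp"], "%Y-%m-%d %H:%M")
            ages[key] = (now - stamp).days
    return ages


def stale_packages(fields, max_days=30):
    """Names of signature packages older than max_days (assumed threshold)."""
    return sorted(k for k, d in signature_ages(fields).items() if d > max_days)


if __name__ == "__main__":
    status = parse_status(SYS_STATUS)
    print(firmware_version(status))
    print(signature_ages(status))
    print(stale_packages(status))
```

Using the device's reported "System time" rather than the collector's clock matters: a box with a wrong clock will also misreport certificate validity and log timestamps, so a large gap between the two is itself a finding.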

Show the traffic statistics collected so far:
get system performance firewall statistics

myfirewall1 # get system performance firewall statistics
getting traffic statistics...
Browsing: 544083 packets, 80679942 bytes
DNS: 19333 packets, 2400831 bytes
E-Mail: 52 packets, 3132 bytes
FTP: 0 packets, 0 bytes
Gaming: 0 packets, 0 bytes
IM: 0 packets, 0 bytes
Newsgroups: 0 packets, 0 bytes
P2P: 0 packets, 0 bytes
Streaming: 0 packets, 0 bytes
TFTP: 0 packets, 0 bytes
VoIP: 0 packets, 0 bytes
Generic TCP: 13460 packets, 1301879 bytes
Generic UDP: 7056 packets, 647156 bytes
Generic ICMP: 172 packets, 11804 bytes
Generic IP: 26 packets, 832 bytes

Show CPU state and uptime:
get system performance status

myfirewall1 # get system performance status
CPU states: 0% user 0% system 0% nice 100% idle
CPU0 states: 0% user 0% system 0% nice 100% idle
Memory states: 48% used
Average network usage: 1 kbps in 1 minute, 0 kbps in 10 minutes, 0 kbps in 30 minutes
Average sessions: 0 sessions in 1 minute, 0 sessions in 10 minutes, 0 sessions in 30 minutes
Average session setup rate: 0 sessions per second in last 1 minute, 0 sessions per second in last 10 minutes, 0 sessions per second in last 30 minutes
Virus caught: 0 total in 1 minute
IPS attacks blocked: 0 total in 1 minute
Uptime: 24 days, 11 hours, 25 minutes

Show CPU usage sorted by the heaviest processes:
get system performance top

myfirewall1 # get system performance top
Run Time: 24 days, 11 hours and 26 minutes
0U, 0S, 100I; 249T, 119F, 60KF
initXXXXXXXXXXX 1 S 0.0 4.5
cmdbsvr 23 S 0.0 6.8
zebos_launcher 27 S 0.0 4.7
uploadd 28 S 0.0 4.6
miglogd 29 S 0.0 5.9
miglogd 30 S 0.0 4.6
httpsd 31 S 0.0 7.0
nsm 32 S 0.0 1.1
ripd 33 S 0.0 0.9
ripngd 34 S 0.0 0.9
ospfd 35 S 0.0 0.9
proxyd 36 S 0.0 4.6
wad_diskd 37 S 0.0 4.6
scanunitd 38 S < 0.0 4.9
ospf6d 39 S 0.0 0.9
bgpd 40 S 0.0 1.0
isisd 41 S 0.0 0.9
proxyacceptor 42 S 0.0 0.7
proxyworker 43 S 0.0 1.8
getty 44 S < 0.0 4.6

Show High Availability module status:
get sys ha status

myfirewall1 # get sys ha status
Model: 311
Mode: a-p
Group: 0
Debug: 0
ses_pickup: enable
Master:254 myfirewall1 FG311B1111111111 0
Slave :128 myfirewall2 FG311B1111111112 1
number of vcluster: 1
vcluster 1: work 10.0.0.1
Master:0 FG311B1111111111
Slave :1 FG311B1111111112

Check the firewall session table:
diag sys session full-stat

myfirewall1 # diag sys session full-stat
session table: table_size=65536 max_depth=1 used=2
expect session table: table_size=1024 max_depth=0 used=0
misc info: session_count=1 setup_rate=0 exp_count=0 clash=0
memory_tension_drop=0 ephemeral=0/16368 removeable=0 ha_scan=0
delete=0, flush=0, dev_down=0/0
TCP sessions:
1 in ESTABLISHED state
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ids_recv=00000000
url_recv=00000000
av_recv=00000000
fqdn_count=00000000
tcp reset stat:
syncqf=0 acceptqf=0 no-listener=11025 data=0 ses=0 ips=0