FAILOVER - LOGGING - VPN - MONITORING NAT - CAPTURE - CPU AND MEMORY
FAILOVER
- Secondary unit:
The secondary unit is configured only with the IP addresses of the
ethernet interfaces (which must be the same as those of the primary PIX,
but which the secondary does not use) and with the failover IP addresses
(also the same as those configured on the primary unit). It copies
everything else from the primary.
- "failover active" <--- forces the unit into the active state
- "no failover active" <--- forces the unit into the standby state
- To disable the LAN failover link:
"no failover"
"no failover lan enable" <-- from now on it will use the serial cable, if connected
- "show failover"
If failover over ethernet is active, the output must read:
...
Serial Failover Cable status: My side not connected
...
Lan Based Failover is Active
interface intf2 (192.168.12.1): Normal, peer (192.168.12.2) Normal
- Enable failover over LAN:
"failover lan interface interface" <-- identifies the ethernet interface used for failover
"failover lan enable" <-- enables the LAN-based failover link
1. INITIAL SITUATION
test-Firewall# show logging
Syslog logging: disabled
Facility: 20
Timestamp logging: disabled
Standby logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: disabled
Trap logging: disabled
History logging: disabled
Device ID: disabled
test-Firewall#
2. ENABLE LOGGING ON THE CONSOLE (TO SEE DEBUG OUTPUT "TERM MON" IS ENOUGH; "LOGGING ON" IS NOT NEEDED)
test-Firewall# conf t
test-Firewall(config)# logging monitor 4
test-Firewall(config)# logging on
test-Firewall(config)# term mon
test-Firewall# show logging
Syslog logging: enabled
Facility: 20
Timestamp logging: disabled
Standby logging: disabled
Console logging: disabled
Monitor logging: level warnings, 1227 messages logged
Buffer logging: disabled
Trap logging: disabled <--- THIS IS THE SYSLOG; HERE IT IS DISABLED
History logging: disabled
Device ID: disabled
test-Firewall#
106014: Deny inbound icmp src outside:85.11.160.6 dst inside:85.47.205.154 (type 3, code 1)
test-Firewall#
test-Firewall#
106007: Deny inbound UDP from 151.99.0.100/53 to 85.47.205.154/2016 due to DNS Response
106007: Deny inbound UDP from 151.99.0.100/53 to 85.47.205.154/2018 due to DNS Response
106007: Deny inbound UDP from 151.99.0.100/53 to 85.47.205.154/2016 due to DNS Response
106014: Deny inbound icmp src outside:85.47.205.153 dst inside:85.47.205.154 (type 11, code 0)
106014: Deny inbound icmp src outside:85.33.194.137 dst inside:85.47.205.154 (type 11, code 0)
106014: Deny inbound icmp src outside:80.21.193.151 dst inside:85.47.205.154 (type 11, code 0)
HOW TO MONITOR ACCESS-LISTS
access-list from_internet25 permit tcp host IPPUBBLICO any eq www log 2 <---
Note the 2. This message becomes "critical", so that we can pick up
only the critical system messages and filter this content well.
2. LET'S ARRANGE TO SEE ONLY INTERNET BROWSING
The log message for the URL of a web site is 304001. By default this
message is at the "notification" level, together with many other log
messages. Reading these events on the monitor is not easy, because
enabling the "notification" level means producing an endless stream of
messages on the screen. Since the "alert" level displays few messages,
we can temporarily move 304001 to alert so that we see only these messages:
test-Firewall# show logging message 304001
syslog 304001: default-level notifications (enabled)
304001: 192.168.80.56 Accessed URL 194.97.50.2:/webchat/load.webchat?id=2324
test-Firewall(config)# logging message 304001 level 1
test-Firewall(config)# exit
test-Firewall#
test-Firewall# show logging
Syslog logging: enabled
Facility: 20
Timestamp logging: disabled
Standby logging: disabled
Console logging: disabled
Monitor logging: level alerts, 1851 messages logged
Buffer logging: disabled
Trap logging: disabled
History logging: disabled
Device ID: disabled
test-Firewall# conf t
test-Firewall(config)# logging on
test-Firewall(config)# term mon
304001: 192.168.80.56 Accessed URL 194.97.50.2:/webchat/load.webchat?id=2441
304001: 192.168.0.104 Accessed URL 213.215.144.113:/res/html/video.shtml?BlueJeans.wmv
304001: 192.168.0.104 Accessed URL 213.215.144.113:/res/img/freccinaLinks.gif
304001: 192.168.0.104 Accessed URL 213.215.144.113:/res/css/style.css
304001: 192.168.0.104 Accessed URL 212.239.41.101:/a1.js
304001: 192.168.0.104 Accessed URL 213.215.144.113:/res/img/titoloSpeciale.gif
304001: 192.168.0.104 Accessed URL 213.215.144.139:/nonsolomoda/BlueJeans.wmv
304001: 192.168.0.104 Accessed URL 212.239.41.101:/cgi-bin/count?url=&rnd=1128607804359&cid=it_gruppomediaset-it_0&ref=&sr=sr1400x1050:cd32:lges:jey:cky:tz2:ctlan:hpn
304001: 192.168.0.153 Accessed URL 194.250.98.1:/Cwf/Citroen/GenericListRubric.aspx?RubricId=65988e05-0ac5-4e3e-a354-7e39eec96b29
Another configuration, with buffered logging + syslog server:
logging enable
logging timestamp
logging buffer-size 1048576
logging buffered alerts
logging message 304001 level alerts
logging host inside 10.0.4.215
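Added example (not part of the original notes): a small Python parser for the three message types shown above (106014, 106007, 304001) that groups accessed URLs per inside client and counts denies per outside source. The sample lines are copied from the sessions above, except the last one, which is constructed to show the %PIX-severity-id prefix a syslog server receives; the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the monitor sessions above. The last one is constructed: it
# carries the "%PIX-<severity>-<id>" prefix that a syslog server receives.
SAMPLE = """\
106014: Deny inbound icmp src outside:85.11.160.6 dst inside:85.47.205.154 (type 3, code 1)
106007: Deny inbound UDP from 151.99.0.100/53 to 85.47.205.154/2016 due to DNS Response
106007: Deny inbound UDP from 151.99.0.100/53 to 85.47.205.154/2018 due to DNS Response
106014: Deny inbound icmp src outside:85.47.205.153 dst inside:85.47.205.154 (type 11, code 0)
304001: 192.168.80.56 Accessed URL 194.97.50.2:/webchat/load.webchat?id=2441
304001: 192.168.0.104 Accessed URL 213.215.144.113:/res/css/style.css
304001: 192.168.0.104 Accessed URL 212.239.41.101:/a1.js
%PIX-1-304001: 192.168.0.153 Accessed URL 194.250.98.1:/Cwf/Citroen/GenericListRubric.aspx?RubricId=65988e05-0ac5-4e3e-a354-7e39eec96b29
"""

# Optional "%PIX-<sev>-" prefix, then the six-digit message ID and the text.
HEAD = re.compile(r"^(?:.*?%(?:PIX|ASA)-(?P<sev>\d)-)?(?P<id>\d{6}): (?P<body>.*)$")

BODY = {
    "304001": re.compile(r"^(?P<client>\S+) Accessed URL (?P<server>[^\s:]+):(?P<path>\S*)"),
    "106014": re.compile(r"^Deny inbound icmp src (?P<src_if>\w+):(?P<src>\S+) "
                         r"dst (?P<dst_if>\w+):(?P<dst>\S+) "
                         r"\(type (?P<type>\d+), code (?P<code>\d+)\)"),
    "106007": re.compile(r"^Deny inbound UDP from (?P<src>[^\s/]+)/(?P<sport>\d+) "
                         r"to (?P<dst>[^\s/]+)/(?P<dport>\d+) due to DNS (?P<kind>\w+)"),
}

# Names for the two ICMP type/code pairs that occur in the log above.
ICMP = {(3, 1): "host unreachable", (11, 0): "TTL exceeded in transit"}


def parse_line(line):
    """Return a dict for one log line, or None for prompts and other text."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    rec = {"id": m["id"], "severity": int(m["sev"]) if m["sev"] else None}
    pattern = BODY.get(m["id"])
    b = pattern.match(m["body"]) if pattern else None
    if b:
        rec.update(b.groupdict())
        if rec["id"] == "106014":
            rec["icmp"] = ICMP.get((int(rec["type"]), int(rec["code"])), "other")
    else:
        rec["raw"] = m["body"]          # message ID this example does not decode
    return rec


def summarize(text):
    """URLs per inside client (304001) and deny counts per (message ID, source)."""
    urls = defaultdict(list)
    denied = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["id"] == "304001" and "client" in rec:
            urls[rec["client"]].append(rec["server"] + rec["path"])
        elif "src" in rec:
            denied[(rec["id"], rec["src"])] += 1
    return dict(urls), denied


if __name__ == "__main__":
    urls, denied = summarize(SAMPLE)
    for client, seen in urls.items():
        print(client, len(seen), "URLs")
    for (msg_id, src), n in denied.most_common():
        print(msg_id, src, n)
```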
Unfortunately there seems to be no way to bring a VPN up from inside a PIX. On IOS an extended ping is enough to generate interesting traffic. On the PIX a 'ping inside' does not serve the purpose and, if the VPN is up, you cannot even ping the other end.
From config mode:
logging on
logging monitor 7
term mon
To enable debugging of an IPSEC VPN:
debug crypto isakmp
debug crypto ipsec
If the VPN comes up, it must appear here:
show crypto isakmp sa
If you change the configuration while working with IPSEC,
remember to reset, in config mode, with:
clear crypto ipsec sa
In this example there are 2 VPNs up:
cliente# sh crypto isakmp sa
Total     : 2
Embryonic : 0
        dst               src        state     pending     created
   82.104.151.2   217.133.227.18    QM_IDLE         0           1
 217.133.227.10   217.133.227.18    QM_IDLE         0           0
cliente#
And here is how the details of the two VPNs appear (while they are up):
sh crypto sa
interface: outside
Crypto map tag: outside_map, local addr. 217.133.227.18
local ident (addr/mask/prot/port): (190.190.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (130.130.0.0/255.255.0.0/0/0)
current_peer: 82.104.151.2:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 139170, #pkts encrypt: 139170, #pkts digest 139170
#pkts decaps: 88146, #pkts decrypt: 88146, #pkts verify 88146
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 2, #recv errors 0
local crypto endpt.: 217.133.227.18, remote crypto endpt.: 82.104.151.2
path mtu 1200, ipsec overhead 56, media mtu 1200
current outbound spi: 6f5776ce
inbound esp sas:
spi: 0x35d2ba10(903002640)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5, crypto map: outside_map
sa timing: remaining key lifetime (k/sec): (4606259/27373)
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x6f5776ce(1868003022)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 6, crypto map: outside_map
sa timing: remaining key lifetime (k/sec): (4567534/27368)
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
local ident (addr/mask/prot/port): (190.190.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (ita_casa/255.255.255.0/0/0)
current_peer: 217.133.227.10:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 1607522, #pkts encrypt: 1607522, #pkts digest 1607522
#pkts decaps: 984219, #pkts decrypt: 984219, #pkts verify 984219
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 2, #recv errors 0
local crypto endpt.: 217.133.227.18, remote crypto endpt.: 217.133.227.10
path mtu 1200, ipsec overhead 56, media mtu 1200
current outbound spi: c32bcf69
inbound esp sas:
spi: 0xb5ad7881(3048044673)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 4, crypto map: outside_map
sa timing: remaining key lifetime (k/sec): (4606450/11808)
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xc32bcf69(3274428265)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 3, crypto map: outside_map
sa timing: remaining key lifetime (k/sec): (4570446/11799)
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
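Added example (not part of the original notes): a Python parser for "sh crypto sa" output like the above that yields one record per tunnel and runs a few health checks on it (legacy transforms, error counters, SPI consistency, one-way traffic). The sample is the page's own output trimmed to the lines the parser reads; the LEGACY set is this example's policy choice and the function names are its own.

```python
import re

LEGACY = {"esp-des", "esp-3des", "esp-md5-hmac"}   # example policy: flag these

# Both tunnels from the output above, trimmed; values copied from the page.
SAMPLE = """\
interface: outside
local ident (addr/mask/prot/port): (190.190.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (130.130.0.0/255.255.0.0/0/0)
current_peer: 82.104.151.2:500
#pkts encaps: 139170, #pkts encrypt: 139170, #pkts digest 139170
#pkts decaps: 88146, #pkts decrypt: 88146, #pkts verify 88146
#send errors 2, #recv errors 0
current outbound spi: 6f5776ce
inbound esp sas:
spi: 0x35d2ba10(903002640)
transform: esp-3des esp-md5-hmac ,
sa timing: remaining key lifetime (k/sec): (4606259/27373)
inbound ah sas:
outbound esp sas:
spi: 0x6f5776ce(1868003022)
transform: esp-3des esp-md5-hmac ,
sa timing: remaining key lifetime (k/sec): (4567534/27368)
local ident (addr/mask/prot/port): (190.190.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (ita_casa/255.255.255.0/0/0)
current_peer: 217.133.227.10:500
#pkts encaps: 1607522, #pkts encrypt: 1607522, #pkts digest 1607522
#pkts decaps: 984219, #pkts decrypt: 984219, #pkts verify 984219
#send errors 2, #recv errors 0
current outbound spi: c32bcf69
inbound esp sas:
spi: 0xb5ad7881(3048044673)
transform: esp-3des esp-md5-hmac ,
sa timing: remaining key lifetime (k/sec): (4606450/11808)
outbound esp sas:
spi: 0xc32bcf69(3274428265)
transform: esp-3des esp-md5-hmac ,
sa timing: remaining key lifetime (k/sec): (4570446/11799)
"""


def parse_crypto_sa(text):
    """Return one dict per tunnel; a 'local ident' line starts a new tunnel."""
    sas, cur, direction = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("local ident"):
            cur = {"local": line.split(": ", 1)[1], "in": {}, "out": {}}
            sas.append(cur)
            direction = None
        elif cur is None:
            continue
        elif line.startswith("remote ident"):
            cur["remote"] = line.split(": ", 1)[1]
        elif line.startswith("current_peer:"):
            cur["peer"] = line.split(": ", 1)[1].rsplit(":", 1)[0]
        elif line.startswith("#"):
            # counters look like "#pkts encaps: 139170" or "#send errors 2"
            for name, value in re.findall(r"#([a-z. ]+?):? (\d+)", line):
                cur[name] = int(value)
        elif line.startswith("current outbound spi:"):
            cur["current_out_spi"] = int(line.split(": ", 1)[1], 16)
        elif m := re.match(r"(inbound|outbound) (esp|ah|pcp) sas:", line):
            # only ESP SA details are collected; AH/PCP sections are skipped
            direction = cur["in" if m[1] == "inbound" else "out"] if m[2] == "esp" else None
        elif direction is not None:
            if m := re.match(r"spi: 0x([0-9a-f]+)\((\d+)\)", line):
                direction["spi"] = int(m[1], 16)
            elif line.startswith("transform:"):
                direction["transform"] = line.split(":", 1)[1].replace(",", " ").split()
            elif m := re.search(r"\(k/sec\): \((\d+)/(\d+)\)", line):
                direction["kb_left"], direction["sec_left"] = int(m[1]), int(m[2])
    return sas


def audit(sa):
    """Return (code, detail) findings for one parsed tunnel."""
    out = []
    for d in ("in", "out"):
        weak = sorted(LEGACY & set(sa[d].get("transform", [])))
        if weak:
            out.append(("legacy-transform", f"{d}bound: {' '.join(weak)}"))
    if sa["out"].get("spi") != sa.get("current_out_spi"):
        out.append(("spi-mismatch", "outbound ESP SA is not the current outbound SPI"))
    if sa.get("send errors") or sa.get("recv errors"):
        out.append(("errors", f"send={sa.get('send errors', 0)} recv={sa.get('recv errors', 0)}"))
    if sa.get("pkts encaps") and not sa.get("pkts decaps"):
        out.append(("one-way", "packets are encapsulated but none are decapsulated"))
    return out


if __name__ == "__main__":
    for sa in parse_crypto_sa(SAMPLE):
        print(sa["peer"], sa["remote"], audit(sa))
```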
Let's see who is connected
test-Firewall# show conn
227 in use, 2236 most used
UDP out 161.52.245.11:161 in 192.168.0.194:1026 idle 0:00:00 flags -
GRE out 213.201.88.142:7576 in 192.168.0.143:1723 idle 0:00:51 bytes 2809432 flags PG
TCP out 85.64.155.148:443 in 192.168.0.32:1054 idle 0:00:57 Bytes 2288 flags UIO
UDP out 161.52.245.2:161 in 192.168.0.138:1025 idle 0:00:08 flags -
TCP out 192.168.100.12:445 in 192.168.0.142:1027 idle 0:00:43 Bytes 56127 flags UIO
TCP out 192.168.100.12:445 in 192.168.0.142:1031 idle 0:00:09 Bytes 3954 flags UIO
UDP out 69.22.236.47:1038 in 192.168.0.178:42312 idle 0:00:42 flags -
UDP out 161.52.245.10:161 in 192.168.0.143:1028 idle 0:01:06 flags -
UDP out 161.52.245.14:161 in 192.168.0.32:1050 idle 0:00:05 flags -
UDP out 84.194.223.232:24183 in 192.168.0.178:42312 idle 0:00:26 flags -
GRE out 213.201.88.142:1723 in 192.168.0.41:16384 idle 0:00:43 bytes 1477167 flags EG
UDP out 217.199.102.109:49729 in 192.168.0.160:56576 idle 0:00:17 flags -
TCP out 143.252.156.16:80 in 192.168.0.105:1390 idle 0:07:48 Bytes 12135 flags UfFRIO
TCP out 213.201.88.142:1723 in 192.168.0.190:1115 idle 0:00:10 Bytes 1280 flags UIOG
<--- More --->
TCP out 209.11.67.31:80 in 192.168.0.190:1175 idle 0:00:46 Bytes 1465 flags UIO
TCP out 213.201.88.142:1723 in 192.168.0.142:1039 idle 0:00:18 Bytes 632 flags UIOG
TCP out 143.252.156.16:80 in 192.168.0.105:1417 idle 0:05:00 Bytes 5839 flags UfFRIO
TCP out 143.252.156.16:80 in 192.168.0.105:1409 idle 0:05:48 Bytes 3864 flags UfFRIO
TCP out 62.149.130.80:80 in 192.168.0.116:1407 idle 0:00:04 Bytes 2263 flags UIO
TCP out 143.252.156.16:80 in 192.168.0.105:1449 idle 0:01:13 Bytes 11730 flags UfFRIO
UDP out 84.114.202.33:50470 in 192.168.0.174:43931 idle 0:00:09 flags -
UDP out 68.38.219.137:3270 in 192.168.0.174:43931 idle 0:01:19 flags -
UDP out 161.52.104.194:161 in 192.168.0.102:1026 idle 0:00:28 flags -
GRE out 213.201.88.142:1723 in 192.168.0.176:32768 idle 0:00:24 bytes 32114 flags EG
TCP out 80.216.191.77:2020 in 192.168.0.190:1068 idle 0:00:19 Bytes 31051 flags UIO
TCP out 192.168.100.9:445 in 192.168.0.14:2425 idle 0:00:03 Bytes 3761 flags UIO
GRE out 213.201.88.142:1723 in 192.168.0.155:49152 idle 0:00:53 bytes 3544508 flags EG
TCP out 80.100.13.160:26013 in 192.168.0.201:1039 idle 0:00:41 Bytes 2651 flags UIO
TCP out 143.252.156.16:80 in 192.168.0.105:1470 idle 0:00:00 Bytes 682 flags UIO
TCP out 143.252.156.16:80 in 192.168.0.105:1469 idle 0:00:00 Bytes 644 flags UIO
UDP out 207.46.130.100:123 in 192.168.0.75:123 idle 0:01:20 flags -
TCP out 213.201.88.142:1723 in 192.168.0.105:1048 idle 0:00:02 Bytes 1928 flags UIOG
...
test-Firewall# show conn local 192.168.0.117
231 in use, 2236 most used
TCP out 66.48.97.11:80 in 192.168.0.117:2031 idle 0:09:11 Bytes 24183 flags UFRIO
TCP out 66.48.97.11:80 in 192.168.0.117:2030 idle 0:09:11 Bytes 26091 flags UFRIO
TCP out 207.139.24.245:80 in 192.168.0.117:2028 idle 0:09:11 Bytes 31613 flags UFRIO
TCP out 207.139.24.245:80 in 192.168.0.117:2029 idle 0:09:09 Bytes 41736 flags UFRIO
TCP out 212.239.39.154:80 in 192.168.0.117:2025 idle 0:09:23 Bytes 7999 flags UFRIO
test-Firewall#
test-Firewall# show conn local 192.168.0.117
I have MSN running on my PC:
test-Firewall# show conn local 192.168.0.99 state up
388 in use, 2236 most used
TCP out 207.46.0.74:1863 in 192.168.0.99:3666 idle 0:00:38 Bytes 9747 flags UIO
I close MSN:
test-Firewall# show conn local 192.168.0.99 state up
402 in use, 2236 most used
I open a web page on my PC:
test-Firewall# show conn local 192.168.0.99 state up
416 in use, 2236 most used
TCP out 198.133.219.25:80 in 192.168.0.99:3940 idle 0:00:02 Bytes 1099 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3937 idle 0:00:02 Bytes 1114 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3936 idle 0:00:01 Bytes 2211 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3939 idle 0:00:02 Bytes 1098 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3938 idle 0:00:02 Bytes 634 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3933 idle 0:00:01 Bytes 2205 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3932 idle 0:00:01 Bytes 2188 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3935 idle 0:00:01 Bytes 1760 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3934 idle 0:00:01 Bytes 1294 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3929 idle 0:00:01 Bytes 4391 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3931 idle 0:00:02 Bytes 2188 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3930 idle 0:00:01 Bytes 2190 flags UIO
I close the web page and the connections disappear in real time:
test-Firewall# show conn local 192.168.0.99 state up
Another test:
test-Firewall# show conn local 192.168.0.99 state up
376 in use, 2236 most used
TCP out 198.133.219.25:80 in 192.168.0.99:3940 idle 0:00:41 Bytes 1099 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3937 idle 0:00:41 Bytes 1114 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3936 idle 0:00:41 Bytes 2211 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3939 idle 0:00:41 Bytes 1098 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3938 idle 0:00:41 Bytes 634 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3933 idle 0:00:41 Bytes 2205 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3932 idle 0:00:41 Bytes 2188 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3935 idle 0:00:41 Bytes 1760 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3934 idle 0:00:41 Bytes 1294 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3929 idle 0:00:41 Bytes 4391 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3931 idle 0:00:41 Bytes 2188 flags UIO
TCP out 198.133.219.25:80 in 192.168.0.99:3930 idle 0:00:41 Bytes 2190 flags UIO
test-Firewall# show conn local 192.168.0.99 state up
405 in use, 2236 most used
test-Firewall#
Suppose we want to monitor a specific IP or a specific type of connection.
In this example, the traffic of my PC on the private network, 192.168.0.99.
1. I create an access-list that is not bound to any interface:
access-list PROVA permit ip host 192.168.0.99 any
2. I create the capture (the default buffer is 512 kB; beyond that it overwrites)
test-Firewall# capture PIPPO access-list PROVA circular-buffer interface inside
3. I verify that the capture is OK:
test-Firewall# show capture
capture PIPPO access-list PROVA interface inside circular-buffer
4. I open a web page on my PC and see what it captured:
test-Firewall# show capture PIPPO
111 packets captured
03:29:42.858338 192.168.0.99.4069 > 172.16.20.1.22: . ack 3536423698 win 65495
03:29:43.077022 192.168.0.99.4069 > 172.16.20.1.22: . ack 3536423754 win 65439
03:29:46.392527 192.168.0.99.4122 > 198.133.219.25.80: S 2757732666:2757732666(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:29:46.583252 192.168.0.99.4122 > 198.133.219.25.80: . ack 977408631 win 65535
03:29:46.583572 192.168.0.99.4122 > 198.133.219.25.80: P 2757732667:2757733036(369) ack 977408631 win 65535
03:29:46.780919 192.168.0.99.4122 > 198.133.219.25.80: . ack 977409223 win 64944
03:29:46.781194 192.168.0.99.4122 > 198.133.219.25.80: F 2757733036:2757733036(0) ack 977409223 win 64944
03:29:46.781911 192.168.0.99.4123 > 198.133.219.25.80: S 2129386655:2129386655(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:29:46.972819 192.168.0.99.4123 > 198.133.219.25.80: . ack 977429149 win 65535
03:29:46.973139 192.168.0.99.4123 > 198.133.219.25.80: P 2129386656:2129387023(367) ack 977429149 win 65535
03:29:47.298995 192.168.0.99.4123 > 198.133.219.25.80: . ack 977431909 win 65535
03:29:47.321425 192.168.0.99.4124 > 198.133.219.25.80: S 212925725:212925725(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:29:47.491948 192.168.0.99.4123 > 198.133.219.25.80: . ack 977434669 win 65535
03:29:47.492223 192.168.0.99.4123 > 198.133.219.25.80: . ack 977436049 win 65535
03:29:47.512165 192.168.0.99.4124 > 198.133.219.25.80: . ack 977450585 win 65535
03:29:47.512760 192.168.0.99.4124 > 198.133.219.25.80: P 212925726:212926670(944) ack 977450585 win 65535
03:29:47.685038 192.168.0.99.4123 > 198.133.219.25.80: . ack 977438809 win 65535
03:29:47.685404 192.168.0.99.4123 > 198.133.219.25.80: . ack 977440189 win 65535
03:29:47.686060 192.168.0.99.4123 > 198.133.219.25.80: . ack 977442949 win 65535
03:29:47.721871 192.168.0.99.4124 > 198.133.219.25.80: P 212926670:212927614(944) ack 977450735 win 65385
03:29:47.721993 192.168.0.99.4125 > 198.133.219.25.80: S 838140304:838140304(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:29:47.722695 192.168.0.99.4126 > 198.133.219.25.80: S 1136695009:1136695009(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:29:47.723320 192.168.0.99.4127 > 198.133.219.25.80: S 2253270890:2253270890(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:29:47.724037 192.168.0.99.4128 > 198.133.219.25.80: S 923182244:923182244(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:29:47.724755 192.168.0.99.4129 > 198.133.219.25.80: S 430797927:430797927(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:29:47.725548 192.168.0.99.4130 > 198.133.219.25.80: S 97907516:97907516(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:29:47.726173 192.168.0.99.4131 > 198.133.219.25.80: S 2554801244:2554801244(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:29:47.726708 192.168.0.99.4132 > 198.133.219.25.80: S 2619413703:2619413703(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:29:47.877807 192.168.0.99.4123 > 198.133.219.25.80: . ack 977444525 win 65535
03:29:47.878433 192.168.0.99.4123 > 198.133.219.25.80: . ack 977446219 win 65535
03:29:47.878876 192.168.0.99.4123 > 198.133.219.25.80: F 2129387023:2129387023(0) ack 977446219 win 65535
03:29:47.879669 192.168.0.99.4133 > 198.133.219.25.80: S 1458901787:1458901787(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:29:47.913115 192.168.0.99.4125 > 198.133.219.25.80: . ack 977468189 win 65535
03:29:47.913206 192.168.0.99.4126 > 198.133.219.25.80: . ack 977468421 win 65535
03:29:47.913755 192.168.0.99.4125 > 198.133.219.25.80: P 838140305:838141254(949) ack 977468189 win 65535
03:29:47.914015 192.168.0.99.4126 > 198.133.219.25.80: P 1136695010:1136695948(938) ack 977468421 win 65535
03:29:47.914259 192.168.0.99.4127 > 198.133.219.25.80: . ack 977468639 win 65535
03:29:47.914808 192.168.0.99.4127 > 198.133.219.25.80: P 2253270891:2253271833(942) ack 977468639 win 65535
03:29:47.914839 192.168.0.99.4128 > 198.133.219.25.80: . ack 977468657 win 65535
03:29:47.915434 192.168.0.99.4128 > 198.133.219.25.80: P 923182245:923183185(940) ack 977468657 win 65535
03:29:47.915464 192.168.0.99.4129 > 198.133.219.25.80: . ack 977468797 win 65535
03:29:47.915541 192.168.0.99.4129 > 198.133.219.25.80: P 430797928:430798433(505) ack 977468797 win 65535
03:29:47.916563 192.168.0.99.4130 > 198.133.219.25.80: . ack 977468985 win 65535
03:29:47.916670 192.168.0.99.4131 > 198.133.219.25.80: . ack 977469117 win 65535
03:29:47.917204 192.168.0.99.4130 > 198.133.219.25.80: P 97907517:97908486(969) ack 977468985 win 65535
03:29:47.917463 192.168.0.99.4131 > 198.133.219.25.80: P 2554801245:2554802210(965) ack 977469117 win 65535
03:29:47.917494 192.168.0.99.4132 > 198.133.219.25.80: . ack 977469325 win 65535
03:29:47.917890 192.168.0.99.4132 > 198.133.219.25.80: P 2619413704:2619414669(965) ack 977469325 win 65535
03:29:47.932187 192.168.0.99.4124 > 198.133.219.25.80: P 212927614:212928559(945) ack 977450884 win 65236
03:29:47.932385 192.168.0.99.4134 > 198.133.219.25.80: S 267786102:267786102(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:29:47.933377 192.168.0.99.4135 > 198.133.219.25.80: S 2097022889:2097022889(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:29:48.070369 192.168.0.99.4133 > 198.133.219.25.80: . ack 977476857 win 65535
03:29:48.070720 192.168.0.99.4133 > 198.133.219.25.80: P 1458901788:1458902274(486) ack 977476857 win 65535
03:29:48.123574 192.168.0.99.4134 > 198.133.219.25.80: . ack 977478455 win 65535
03:29:48.124154 192.168.0.99.4134 > 198.133.219.25.80: P 267786103:267787051(948) ack 977478455 win 65535
03:29:48.124444 192.168.0.99.4135 > 198.133.219.25.80: . ack 977478469 win 65535
03:29:48.125039 192.168.0.99.4135 > 198.133.219.25.80: P 2097022890:2097023839(949) ack 977478469 win 65535
03:29:48.326933 192.168.0.99.4127 > 198.133.219.25.80: . ack 977468788 win 65386
03:29:48.327024 192.168.0.99.4126 > 198.133.219.25.80: . ack 977468569 win 65387
03:29:48.327116 192.168.0.99.4125 > 198.133.219.25.80: . ack 977468337 win 65387
03:29:48.327223 192.168.0.99.4128 > 198.133.219.25.80: . ack 977468806 win 65386
03:29:48.327253 192.168.0.99.4129 > 198.133.219.25.80: . ack 977468946 win 65386
03:29:48.327314 192.168.0.99.4131 > 198.133.219.25.80: . ack 977469266 win 65386
03:29:48.327421 192.168.0.99.4132 > 198.133.219.25.80: . ack 977469474 win 65386
03:29:48.327512 192.168.0.99.4130 > 198.133.219.25.80: . ack 977469135 win 65385
03:29:48.328977 192.168.0.99.4127 > 198.133.219.25.80: P 2253271833:2253272786(953) ack 977468788 win 65386
03:29:48.436241 192.168.0.99.4134 > 198.133.219.25.80: . ack 977478605 win 65385
03:29:48.436333 192.168.0.99.4135 > 198.133.219.25.80: . ack 977478619 win 65385
03:29:48.436424 192.168.0.99.4133 > 198.133.219.25.80: . ack 977477005 win 65387
03:29:48.436455 192.168.0.99.4124 > 198.133.219.25.80: . ack 977451034 win 65086
03:29:48.548021 192.168.0.99.4130 > 198.133.219.25.80: P 97908486:97909453(967) ack 977469135 win 65385
03:29:48.548540 192.168.0.99.4132 > 198.133.219.25.80: P 2619414669:2619415617(948) ack 977469474 win 65386
03:29:48.549928 192.168.0.99.4126 > 198.133.219.25.80: P 1136695948:1136696893(945) ack 977468569 win 65387
03:29:48.551012 192.168.0.99.4128 > 198.133.219.25.80: P 923183185:923183675(490) ack 977468806 win 65386
03:29:48.551530 192.168.0.99.4125 > 198.133.219.25.80: P 838141254:838141746(492) ack 977468337 win 65387
03:29:48.553972 192.168.0.99.4131 > 198.133.219.25.80: P 2554802210:2554803170(960) ack 977469266 win 65386
03:29:48.654964 192.168.0.99.4127 > 198.133.219.25.80: . ack 977468937 win 65237
03:29:48.785909 192.168.0.99.4124 > 198.133.219.25.80: P 212928559:212929508(949) ack 977451034 win 65086
03:29:48.811908 192.168.0.99.4069 > 172.16.20.1.22: P 1475565034:1475565054(20) ack 3536423754 win 65439
03:29:48.873688 192.168.0.99.4125 > 198.133.219.25.80: . ack 977468486 win 65238
03:29:48.873779 192.168.0.99.4128 > 198.133.219.25.80: . ack 977468956 win 65236
03:29:48.873886 192.168.0.99.4126 > 198.133.219.25.80: . ack 977468717 win 65239
03:29:48.873978 192.168.0.99.4131 > 198.133.219.25.80: . ack 977469415 win 65237
03:29:48.874069 192.168.0.99.4132 > 198.133.219.25.80: . ack 977469623 win 65237
03:29:48.874100 192.168.0.99.4130 > 198.133.219.25.80: . ack 977469284 win 65236
03:29:48.927228 192.168.0.99.4069 > 172.16.20.1.22: P 1475565054:1475565074(20) ack 3536423774 win 65419
03:29:49.037458 192.168.0.99.4069 > 172.16.20.1.22: P 1475565074:1475565094(20) ack 3536423794 win 65399
03:29:49.047345 192.168.0.99.4069 > 172.16.20.1.22: P 1475565094:1475565114(20) ack 3536423814 win 65379
03:29:49.201893 192.168.0.99.4069 > 172.16.20.1.22: . ack 3536423834 win 65359
03:29:49.201939 192.168.0.99.4124 > 198.133.219.25.80: . ack 977451182 win 64938
03:29:49.222064 192.168.0.99.4069 > 172.16.20.1.22: P 1475565114:1475565134(20) ack 3536423834 win 65359
03:29:49.287628 192.168.0.99.4069 > 172.16.20.1.22: P 1475565134:1475565154(20) ack 3536423854 win 65339
03:29:49.409189 192.168.0.99.4069 > 172.16.20.1.22: P 1475565154:1475565174(20) ack 3536423874 win 65319
03:29:49.529940 192.168.0.99.4069 > 172.16.20.1.22: . ack 3536423894 win 65299
03:29:49.569337 192.168.0.99.4069 > 172.16.20.1.22: P 1475565174:1475565194(20) ack 3536423894 win 65299
03:29:49.748618 192.168.0.99.4069 > 172.16.20.1.22: . ack 3536423914 win 65279
03:29:49.774114 192.168.0.99.4069 > 172.16.20.1.22: P 1475565194:1475565214(20) ack 3536423914 win 65279
03:29:49.919691 192.168.0.99.4069 > 172.16.20.1.22: P 1475565214:1475565234(20) ack 3536423934 win 65259
03:29:50.024809 192.168.0.99.4069 > 172.16.20.1.22: P 1475565234:1475565254(20) ack 3536423954 win 65239
03:29:50.097956 192.168.0.99.4069 > 172.16.20.1.22: P 1475565254:1475565274(20) ack 3536423974 win 65219
03:29:50.187948 192.168.0.99.4069 > 172.16.20.1.22: P 1475565274:1475565294(20) ack 3536423994 win 65199
03:29:50.404901 192.168.0.99.4069 > 172.16.20.1.22: . ack 3536424014 win 65179
03:29:50.442405 192.168.0.99.4069 > 172.16.20.1.22: P 1475565294:1475565314(20) ack 3536424014 win 65179
03:29:50.622541 192.168.0.99.4069 > 172.16.20.1.22: P 1475565314:1475565334(20) ack 3536424034 win 65159
03:29:50.732979 192.168.0.99.4069 > 172.16.20.1.22: . ack 3536424054 win 65139
03:29:50.772756 192.168.0.99.4069 > 172.16.20.1.22: P 1475565334:1475565354(20) ack 3536424054 win 65139
03:29:50.938229 192.168.0.99.4069 > 172.16.20.1.22: P 1475565354:1475565374(20) ack 3536424074 win 65119
03:29:51.061108 192.168.0.99.4069 > 172.16.20.1.22: . ack 3536424094 win 65099
03:29:51.093028 192.168.0.99.4069 > 172.16.20.1.22: P 1475565374:1475565394(20) ack 3536424094 win 65099
03:29:51.279862 192.168.0.99.4069 > 172.16.20.1.22: . ack 3536424114 win 65079
03:29:51.388606 192.168.0.99.4069 > 172.16.20.1.22: P 1475565394:1475565414(20) ack 3536424114 win 65079
111 packets shown
5. We empty the capture buffer:
test-Firewall# clear capture PIPPO
6. Changing the access-list so that it also picks up the inbound traffic:
access-list PROVA permit ip host 192.168.0.99 any
access-list PROVA permit ip any host 192.168.0.99
and we open a web page:
test-Firewall# show capture PIPPO
171 packets captured
03:43:24.674159 192.168.0.99.4069 > 172.16.20.1.22: . ack 3536541470 win 65195
03:43:24.674220 172.16.20.1.22 > 192.168.0.99.4069: P 3536541470:3536541506(36) ack 1475577094 win 4096
03:43:24.892959 192.168.0.99.4069 > 172.16.20.1.22: . ack 3536541506 win 65159
03:43:29.019484 192.168.0.99.1075 > 151.99.0.100.53: udp 31
03:43:29.158851 151.99.0.100.53 > 192.168.0.99.1075: udp 87
03:43:29.160895 192.168.0.99.4138 > 198.133.219.25.80: S 2162343820:2162343820(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:43:29.351681 198.133.219.25.80 > 192.168.0.99.4138: S 1010079626:1010079626(0) ack 2162343821 win 8192 <mss 1380>
03:43:29.352230 192.168.0.99.4138 > 198.133.219.25.80: . ack 1010079627 win 65535
03:43:29.352566 192.168.0.99.4138 > 198.133.219.25.80: P 2162343821:2162344190(369) ack 1010079627 win 65535
03:43:29.543444 198.133.219.25.80 > 192.168.0.99.4138: . ack 2162344190 win 64491
03:43:29.548097 198.133.219.25.80 > 192.168.0.99.4138: P 1010079627:1010080218(591) ack 2162344190 win 64860
03:43:29.548143 198.133.219.25.80 > 192.168.0.99.4138: F 1010080218:1010080218(0) ack 2162344190 win 64860
03:43:29.549043 192.168.0.99.4138 > 198.133.219.25.80: . ack 1010080219 win 64944
03:43:29.549318 192.168.0.99.4138 > 198.133.219.25.80: F 2162344190:2162344190(0) ack 1010080219 win 64944
03:43:29.549974 192.168.0.99.4139 > 198.133.219.25.80: S 396756458:396756458(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:43:29.739555 198.133.219.25.80 > 192.168.0.99.4138: . ack 2162344191 win 64860
03:43:29.739997 198.133.219.25.80 > 192.168.0.99.4139: S 1010095312:1010095312(0) ack 396756459 win 8192 <mss 1380>
03:43:29.740485 192.168.0.99.4139 > 198.133.219.25.80: . ack 1010095313 win 65535
03:43:29.740806 192.168.0.99.4139 > 198.133.219.25.80: P 396756459:396756826(367) ack 1010095313 win 65535
03:43:29.931836 198.133.219.25.80 > 192.168.0.99.4139: . ack 396756826 win 64493
03:43:29.970271 198.133.219.25.80 > 192.168.0.99.4139: . 1010095313:1010096693(1380) ack 396756826 win 64860
03:43:29.970546 198.133.219.25.80 > 192.168.0.99.4139: P 1010096693:1010098073(1380) ack 396756826 win 64860
03:43:29.971873 192.168.0.99.4139 > 198.133.219.25.80: . ack 1010098073 win 65535
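Added example (not part of the original notes): a Python check over non-detail "show capture" output that tells a one-way capture (the single-entry access-list of step 1) apart from a real unanswered SYN, which matters because with only the outbound entry every handshake looks incomplete. Both samples are copied from the captures above; the function names and result codes are this example's own.

```python
import re

PKT = re.compile(r"^\d\d:\d\d:\d\d\.\d+ (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.+)$")

# Copied from step 4 above (access-list matches only traffic FROM 192.168.0.99).
ONE_WAY = """\
111 packets captured
03:29:46.392527 192.168.0.99.4122 > 198.133.219.25.80: S 2757732666:2757732666(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:29:46.583252 192.168.0.99.4122 > 198.133.219.25.80: . ack 977408631 win 65535
03:29:46.583572 192.168.0.99.4122 > 198.133.219.25.80: P 2757732667:2757733036(369) ack 977408631 win 65535
03:29:46.780919 192.168.0.99.4122 > 198.133.219.25.80: . ack 977409223 win 64944
03:29:46.781194 192.168.0.99.4122 > 198.133.219.25.80: F 2757733036:2757733036(0) ack 977409223 win 64944
"""

# Copied from step 6 above (access-list matches both directions).
TWO_WAY = """\
03:43:29.019484 192.168.0.99.1075 > 151.99.0.100.53: udp 31
03:43:29.158851 151.99.0.100.53 > 192.168.0.99.1075: udp 87
03:43:29.160895 192.168.0.99.4138 > 198.133.219.25.80: S 2162343820:2162343820(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK>
03:43:29.351681 198.133.219.25.80 > 192.168.0.99.4138: S 1010079626:1010079626(0) ack 2162343821 win 8192 <mss 1380>
03:43:29.352230 192.168.0.99.4138 > 198.133.219.25.80: . ack 1010079627 win 65535
03:43:29.352566 192.168.0.99.4138 > 198.133.219.25.80: P 2162343821:2162344190(369) ack 1010079627 win 65535
03:43:29.543444 198.133.219.25.80 > 192.168.0.99.4138: . ack 2162344190 win 64491
03:43:29.548097 198.133.219.25.80 > 192.168.0.99.4138: P 1010079627:1010080218(591) ack 2162344190 win 64860
"""


def parse_capture(text):
    """Parse packet lines; counters, prompts and 'detail' lines are skipped."""
    pkts = []
    for line in text.splitlines():
        m = PKT.match(line.strip())
        if not m:
            continue
        tok = m["rest"].split()
        if tok[0] == "udp":
            proto, flags, length = "udp", "", int(tok[1])
        else:
            seg = re.search(r"\((\d+)\)", m["rest"])   # "seq:seq(len)", absent on bare ACKs
            proto, flags, length = "tcp", tok[0], int(seg[1]) if seg else 0
        pkts.append({"src": m["src"], "dst": m["dst"], "proto": proto,
                     "flags": flags, "ack": "ack" in tok, "length": length})
    return pkts


def ip(endpoint):
    """'192.168.0.99.4122' -> '192.168.0.99' (the port is the last dotted field)."""
    return endpoint.rsplit(".", 1)[0]


def directions(pkts, host):
    """(packets sent by host, packets addressed to host)."""
    sent = sum(ip(p["src"]) == host for p in pkts)
    recv = sum(ip(p["dst"]) == host for p in pkts)
    return sent, recv


def handshakes(pkts):
    """State of each TCP flow whose SYN is in the capture, keyed by (client, server)."""
    state = {}
    for p in pkts:
        if p["proto"] != "tcp":
            continue
        if "S" in p["flags"] and not p["ack"]:
            state[(p["src"], p["dst"])] = "syn"
        elif "S" in p["flags"]:                      # SYN-ACK travels server -> client
            key = (p["dst"], p["src"])
            if state.get(key) == "syn":
                state[key] = "syn-ack"
        elif p["ack"] and state.get((p["src"], p["dst"])) == "syn-ack":
            state[(p["src"], p["dst"])] = "established"
    return state


def diagnose(text, host):
    """'one-way-capture', 'unanswered-syn' or 'ok' for the monitored host."""
    pkts = parse_capture(text)
    sent, recv = directions(pkts, host)
    if sent > 0 and recv == 0:
        return "one-way-capture"   # return traffic not matched: handshake state unknowable
    stuck = [k for k, v in handshakes(pkts).items() if v != "established"]
    return "unanswered-syn" if stuck else "ok"


if __name__ == "__main__":
    print(diagnose(ONE_WAY, "192.168.0.99"), diagnose(TWO_WAY, "192.168.0.99"))
```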
The detail can also be shown (this is another web page being opened):
test-Firewall# show capture PIPPO detail
262 packets captured
04:02:49.041379 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4181 > 172.16.20.1.22: . [tcp sum ok] 4204622289:4204622289(0) ack 3150878396 win 64295 (DF) (ttl 127, id 54980)
04:02:49.041440 0014.f22b.2e19 000d.ed8e.6641 0x0800 110: 172.16.20.1.22 > 192.168.0.99.4181: P 3150878396:3150878452(56) ack 4204622289 win 4096 (ttl 255, id 10102)
04:02:49.260179 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4181 > 172.16.20.1.22: . [tcp sum ok] 4204622289:4204622289(0) ack 3150878452 win 64239 (DF) (ttl 127, id 54985)
04:02:53.886093 000d.ed8e.6641 0014.f22b.2e19 0x0800 73: 192.168.0.99.1075 > 151.99.0.100.53: udp 31 (ttl 127, id 55026)
04:02:54.024962 000c.85da.b1a0 000d.ed8e.6641 0x0800 129: 151.99.0.100.53 > 192.168.0.99.1075: udp 87 (DF) (ttl 246, id 60044)
04:02:54.026793 000d.ed8e.6641 0014.f22b.2e19 0x0800 66: 192.168.0.99.4183 > 198.133.219.25.80: S [tcp sum ok] 375240897:375240897(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 55031)
04:02:54.216770 000c.85da.b1a0 000d.ed8e.6641 0x0800 58: 198.133.219.25.80 > 192.168.0.99.4183: S [tcp sum ok] 1056037466:1056037466(0) ack 375240898 win 8192 <mss 1380> (ttl 232, id 10)
04:02:54.217334 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4183 > 198.133.219.25.80: . [tcp sum ok] 375240898:375240898(0) ack 1056037467 win 65535 (DF) (ttl 127, id 55037)
04:02:54.217579 000d.ed8e.6641 0014.f22b.2e19 0x0800 423: 192.168.0.99.4183 > 198.133.219.25.80: P 375240898:375241267(369) ack 1056037467 win 65535 (DF) (ttl 127, id 55038)
04:02:54.408670 000c.85da.b1a0 000d.ed8e.6641 0x0800 54: 198.133.219.25.80 > 192.168.0.99.4183: . [tcp sum ok] 1056037467:1056037467(0) ack 375241267 win 64491 (DF) (ttl 232, id 4220)
04:02:54.412789 000c.85da.b1a0 000d.ed8e.6641 0x0800 645: 198.133.219.25.80 > 192.168.0.99.4183: P 1056037467:1056038058(591) ack 375241267 win 64860 (DF) (ttl 232, id 4221)
04:02:54.412820 000c.85da.b1a0 000d.ed8e.6641 0x0800 54: 198.133.219.25.80 > 192.168.0.99.4183: F [tcp sum ok] 1056038058:1056038058(0) ack 375241267 win 64860 (DF) (ttl 232, id 4222)
04:02:54.413674 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4183 > 198.133.219.25.80: . [tcp sum ok] 375241267:375241267(0) ack 1056038059 win 64944 (DF) (ttl 127, id 55040)
04:02:54.413949 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4183 > 198.133.219.25.80: F [tcp sum ok] 375241267:375241267(0) ack 1056038059 win 64944 (DF) (ttl 127, id 55041)
04:02:54.414575 000d.ed8e.6641 0014.f22b.2e19 0x0800 66: 192.168.0.99.4184 > 198.133.219.25.80: S [tcp sum ok] 2416519302:2416519302(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 55042)
04:02:54.604277 000c.85da.b1a0 000d.ed8e.6641 0x0800 54: 198.133.219.25.80 > 192.168.0.99.4183: . [tcp sum ok] 1056038059:1056038059(0) ack 375241268 win 64860 (DF) (ttl 232, id 4223)
04:02:54.604979 000c.85da.b1a0 000d.ed8e.6641 0x0800 58: 198.133.219.25.80 > 192.168.0.99.4184: S [tcp sum ok] 1056049340:1056049340(0) ack 2416519303 win 8192 <mss 1380> (ttl 232, id 10)
04:02:54.605422 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4184 > 198.133.219.25.80: . [tcp sum ok] 2416519303:2416519303(0) ack 1056049341 win 65535 (DF) (ttl 127, id 55044)
04:02:54.605757 000d.ed8e.6641 0014.f22b.2e19 0x0800 421: 192.168.0.99.4184 > 198.133.219.25.80: P 2416519303:2416519670(367) ack 1056049341 win 65535 (DF) (ttl 127, id 55045)
04:02:54.797138 000c.85da.b1a0 000d.ed8e.6641 0x0800 54: 198.133.219.25.80 > 192.168.0.99.4184: . [tcp sum ok] 1056049341:1056049341(0) ack 2416519670 win 64493 (DF) (ttl 232, id 30144)
04:02:54.887344 000c.85da.b1a0 000d.ed8e.6641 0x0800 1434: 198.133.219.25.80 > 192.168.0.99.4184: . 1056049341:1056050721(1380) ack 2416519670 win 64860 (DF) (ttl 232, id 30145)
04:02:54.887618 000c.85da.b1a0 000d.ed8e.6641 0x0800 1434: 198.133.219.25.80 > 192.168.0.99.4184: P 1056050721:1056052101(1380) ack 2416519670 win 64860 (DF) (ttl 232, id 30146)
04:02:54.888885 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4184 > 198.133.219.25.80: . [tcp sum ok] 2416519670:2416519670(0) ack 1056052101 win 65535 (DF) (ttl 127, id 55051)
04:02:54.951321 000d.ed8e.6641 0014.f22b.2e19 0x0800 66: 192.168.0.99.4185 > 198.133.219.25.80: S [tcp sum ok] 3699280729:3699280729(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 55053)
04:02:55.080424 000c.85da.b1a0 000d.ed8e.6641 0x0800 1434: 198.133.219.25.80 > 192.168.0.99.4184: . 1056052101:1056053481(1380) ack 2416519670 win 64860 (DF) (ttl 232, id 30147)
04:02:55.080714 000c.85da.b1a0 000d.ed8e.6641 0x0800 1434: 198.133.219.25.80 > 192.168.0.99.4184: . 1056053481:1056054861(1380) ack 2416519670 win 64860 (DF) (ttl 232, id 30148)
04:02:55.081081 000c.85da.b1a0 000d.ed8e.6641 0x0800 1434: 198.133.219.25.80 > 192.168.0.99.4184: . 1056054861:1056056241(1380) ack 2416519670 win 64860 (DF) (ttl 232, id 30149)
04:02:55.081904 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4184 > 198.133.219.25.80: . [tcp sum ok] 2416519670:2416519670(0) ack 1056054861 win 65535 (DF) (ttl 127, id 55055)
04:02:55.082255 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4184 > 198.133.219.25.80: . [tcp sum ok] 2416519670:2416519670(0) ack 1056056241 win 65535 (DF) (ttl 127, id 55056)
04:02:55.141441 000c.85da.b1a0 000d.ed8e.6641 0x0800 58: 198.133.219.25.80 > 192.168.0.99.4185: S [tcp sum ok] 1056071504:1056071504(0) ack 3699280730 win 8192 <mss 1380> (ttl 232, id 13)
04:02:55.142006 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4185 > 198.133.219.25.80: . [tcp sum ok] 3699280730:3699280730(0) ack 1056071505 win 65535 (DF) (ttl 127, id 55062)
04:02:55.142601 000d.ed8e.6641 0014.f22b.2e19 0x0800 998: 192.168.0.99.4185 > 198.133.219.25.80: P 3699280730:3699281674(944) ack 1056071505 win 65535 (DF) (ttl 127, id 55063)
04:02:55.273392 000c.85da.b1a0 000d.ed8e.6641 0x0800 1434: 198.133.219.25.80 > 192.168.0.99.4184: . 1056056241:1056057621(1380) ack 2416519670 win 64860 (DF) (ttl 232, id 30150)
04:02:55.273698 000c.85da.b1a0 000d.ed8e.6641 0x0800 1434: 198.133.219.25.80 > 192.168.0.99.4184: . 1056057621:1056059001(1380) ack 2416519670 win 64860 (DF) (ttl 232, id 30151)
04:02:55.274094 000c.85da.b1a0 000d.ed8e.6641 0x0800 1434: 198.133.219.25.80 > 192.168.0.99.4184: . 1056059001:1056060381(1380) ack 2416519670 win 64860 (DF) (ttl 232, id 30152)
04:02:55.274567 000c.85da.b1a0 000d.ed8e.6641 0x0800 1434: 198.133.219.25.80 > 192.168.0.99.4184: . 1056060381:1056061761(1380) ack 2416519670 win 64860 (DF) (ttl 232, id 30153)
04:02:55.274857 000c.85da.b1a0 000d.ed8e.6641 0x0800 1434: 198.133.219.25.80 > 192.168.0.99.4184: . 1056061761:1056063141(1380) ack 2416519670 win 64860 (DF) (ttl 232, id 30154)
04:02:55.274903 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4184 > 198.133.219.25.80: . [tcp sum ok] 2416519670:2416519670(0) ack 1056059001 win 65535 (DF) (ttl 127, id 55065)
04:02:55.275345 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4184 > 198.133.219.25.80: . [tcp sum ok] 2416519670:2416519670(0) ack 1056060381 win 65535 (DF) (ttl 127, id 55066)
04:02:55.276062 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4184 > 198.133.219.25.80: . [tcp sum ok] 2416519670:2416519670(0) ack 1056063141 win 65535 (DF) (ttl 127, id 55068)
04:02:55.333784 000c.85da.b1a0 000d.ed8e.6641 0x0800 54: 198.133.219.25.80 > 192.168.0.99.4185: . [tcp sum ok] 1056071505:1056071505(0) ack 3699281674 win 7552 (DF) (ttl 41, id 37087)
04:02:55.343900 000c.85da.b1a0 000d.ed8e.6641 0x0800 204: 198.133.219.25.80 > 192.168.0.99.4185: P 1056071505:1056071655(150) ack 3699281674 win 7552 (DF) (ttl 41, id 37088)
04:02:55.358746 000d.ed8e.6641 0014.f22b.2e19 0x0800 998: 192.168.0.99.4185 > 198.133.219.25.80: P 3699281674:3699282618(944) ack 1056071655 win 65385 (DF) (ttl 127, id 55069)
04:02:55.358868 000d.ed8e.6641 0014.f22b.2e19 0x0800 66: 192.168.0.99.4186 > 198.133.219.25.80: S [tcp sum ok] 200993047:200993047(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 55071)
04:02:55.359570 000d.ed8e.6641 0014.f22b.2e19 0x0800 66: 192.168.0.99.4187 > 198.133.219.25.80: S [tcp sum ok] 537660652:537660652(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 55073)
04:02:55.360210 000d.ed8e.6641 0014.f22b.2e19 0x0800 66: 192.168.0.99.4188 > 198.133.219.25.80: S [tcp sum ok] 3472255828:3472255828(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 55075)
04:02:55.360836 000d.ed8e.6641 0014.f22b.2e19 0x0800 66: 192.168.0.99.4189 > 198.133.219.25.80: S [tcp sum ok] 3862882587:3862882587(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 55077)
04:02:55.361645 000d.ed8e.6641 0014.f22b.2e19 0x0800 66: 192.168.0.99.4190 > 198.133.219.25.80: S [tcp sum ok] 3479714955:3479714955(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 55079)
04:02:55.362346 000d.ed8e.6641 0014.f22b.2e19 0x0800 66: 192.168.0.99.4191 > 198.133.219.25.80: S [tcp sum ok] 1368448940:1368448940(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 55081)
04:02:55.362972 000d.ed8e.6641 0014.f22b.2e19 0x0800 66: 192.168.0.99.4192 > 198.133.219.25.80: S [tcp sum ok] 1243638066:1243638066(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 55083)
04:02:55.363598 000d.ed8e.6641 0014.f22b.2e19 0x0800 66: 192.168.0.99.4193 > 198.133.219.25.80: S [tcp sum ok] 651723927:651723927(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 55085)
04:02:55.465353 000c.85da.b1a0 000d.ed8e.6641 0x0800 257: 198.133.219.25.80 > 192.168.0.99.4184: . 1056063141:1056063344(203) ack 2416519670 win 64860 (DF) (ttl 232, id 30155)
04:02:55.466284 000c.85da.b1a0 000d.ed8e.6641 0x0800 1434: 198.133.219.25.80 > 192.168.0.99.4184: . 1056063344:1056064724(1380) ack 2416519670 win 64860 (DF) (ttl 232, id 30156)
04:02:55.466742 000c.85da.b1a0 000d.ed8e.6641 0x0800 1434: 198.133.219.25.80 > 192.168.0.99.4184: . 1056064724:1056066104(1380) ack 2416519670 win 64860 (DF) (ttl 232, id 30157)
04:02:55.466787 000c.85da.b1a0 000d.ed8e.6641 0x0800 367: 198.133.219.25.80 > 192.168.0.99.4184: F 1056066104:1056066417(313) ack 2416519670 win 64860 (DF) (ttl 232, id 30158)
04:02:55.467535 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4184 > 198.133.219.25.80: . [tcp sum ok] 2416519670:2416519670(0) ack 1056064724 win 65535 (DF) (ttl 127, id 55087)
04:02:55.468054 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4184 > 198.133.219.25.80: . [tcp sum ok] 2416519670:2416519670(0) ack 1056066418 win 65535 (DF) (ttl 127, id 55089)
04:02:55.468679 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4184 > 198.133.219.25.80: F [tcp sum ok] 2416519670:2416519670(0) ack 1056066418 win 65535 (DF) (ttl 127, id 55090)
04:02:55.469580 000d.ed8e.6641 0014.f22b.2e19 0x0800 66: 192.168.0.99.4194 > 198.133.219.25.80: S [tcp sum ok] 3032158397:3032158397(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 55091)
04:02:55.549349 000c.85da.b1a0 000d.ed8e.6641 0x0800 58: 198.133.219.25.80 > 192.168.0.99.4186: S [tcp sum ok] 1056088070:1056088070(0) ack 200993048 win 8192 <mss 1380> (ttl 232, id 12)
04:02:55.549516 000c.85da.b1a0 000d.ed8e.6641 0x0800 58: 198.133.219.25.80 > 192.168.0.99.4187: S [tcp sum ok] 1056088280:1056088280(0) ack 537660653 win 8192 <mss 1380> (ttl 232, id 13)
04:02:55.549898 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4186 > 198.133.219.25.80: . [tcp sum ok] 200993048:200993048(0) ack 1056088071 win 65535 (DF) (ttl 127, id 55093)
04:02:55.550005 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4187 > 198.133.219.25.80: . [tcp sum ok] 537660653:537660653(0) ack 1056088281 win 65535 (DF) (ttl 127, id 55094)
04:02:55.550233 000c.85da.b1a0 000d.ed8e.6641 0x0800 58: 198.133.219.25.80 > 192.168.0.99.4188: S [tcp sum ok] 1056088486:1056088486(0) ack 3472255829 win 8192 <mss 1380> (ttl 232, id 14)
04:02:55.550691 000d.ed8e.6641 0014.f22b.2e19 0x0800 1003: 192.168.0.99.4186 > 198.133.219.25.80: P 200993048:200993997(949) ack 1056088071 win 65535 (DF) (ttl 127, id 55095)
04:02:55.550859 000d.ed8e.6641 0014.f22b.2e19 0x0800 992: 192.168.0.99.4187 > 198.133.219.25.80: P 537660653:537661591(938) ack 1056088281 win 65535 (DF) (ttl 127, id 55097)
04:02:55.550890 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4188 > 198.133.219.25.80: . [tcp sum ok] 3472255829:3472255829(0) ack 1056088487 win 65535 (DF) (ttl 127, id 55099)
04:02:55.551225 000c.85da.b1a0 000d.ed8e.6641 0x0800 58: 198.133.219.25.80 > 192.168.0.99.4189: S [tcp sum ok] 1056088606:1056088606(0) ack 3862882588 win 8192 <mss 1380> (ttl 232, id 15)
04:02:55.551286 000d.ed8e.6641 0014.f22b.2e19 0x0800 996: 192.168.0.99.4188 > 198.133.219.25.80: P 3472255829:3472256771(942) ack 1056088487 win 65535 (DF) (ttl 127, id 55100)
04:02:55.551668 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.168.0.99.4189 > 198.133.219.25.80: . [tcp sum ok] 3862882588:3862882588(0) ack 1056088607 win 65535 (DF) (ttl 127, id 55102)
04:02:55.552263 000d.ed8e.6641 0014.f22b.2e19 0x0800 994: 192.168.0.99.4189 > 198.133.219.25.80: P 3862882588:3862883528(940) ack 1056088607 win 65535 (DF) (ttl 127, id 55103)
7. Delete the capture:
test-Firewall# show capture
capture PIPPO access-list PROVA interface inside circular-buffer
test-Firewall# no capture PIPPO
test-Firewall# show capture
test-Firewall#
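A long `detail` dump like the one in the capture steps above is hard to read by eye. The following added example (not part of the original page) parses lines in that capture format and reports, for each TCP connection, handshake state and payload bytes per sender, and lists SYNs with no SYN-ACK in the capture. The sample lines and addresses are constructed, and the function names `summarize` and `unanswered_syns` are hypothetical.

```python
import re
from collections import defaultdict

# One TCP/IPv4 line of PIX capture "detail" output (tcpdump-like), as shown on the page.
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ \S+ \S+ 0x0800 \d+: "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"(?P<flags>[SFPR.]+) (?:\[tcp sum ok\] )?\d+:\d+\((?P<plen>\d+)\)"
    r"(?P<ack> ack \d+)?"
)

# Constructed sample in the page's format (documentation addresses, not real traffic).
SAMPLE = """\
test-Firewall#
04:02:54.100000 000d.ed8e.6641 0014.f22b.2e19 0x0800 66: 192.0.2.99.4184 > 198.51.100.25.80: S [tcp sum ok] 1000:1000(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 1)
04:02:54.290000 000c.85da.b1a0 000d.ed8e.6641 0x0800 58: 198.51.100.25.80 > 192.0.2.99.4184: S [tcp sum ok] 5000:5000(0) ack 1001 win 8192 <mss 1380> (ttl 232, id 10)
04:02:54.291000 000d.ed8e.6641 0014.f22b.2e19 0x0800 60: 192.0.2.99.4184 > 198.51.100.25.80: . [tcp sum ok] 1001:1001(0) ack 5001 win 65535 (DF) (ttl 127, id 2)
04:02:54.292000 000d.ed8e.6641 0014.f22b.2e19 0x0800 421: 192.0.2.99.4184 > 198.51.100.25.80: P 1001:1368(367) ack 5001 win 65535 (DF) (ttl 127, id 3)
04:02:54.480000 000c.85da.b1a0 000d.ed8e.6641 0x0800 1434: 198.51.100.25.80 > 192.0.2.99.4184: . 5001:6381(1380) ack 1368 win 64860 (DF) (ttl 232, id 11)
04:02:54.481000 000c.85da.b1a0 000d.ed8e.6641 0x0800 367: 198.51.100.25.80 > 192.0.2.99.4184: F 6381:6694(313) ack 1368 win 64860 (DF) (ttl 232, id 12)
04:02:54.500000 000d.ed8e.6641 0014.f22b.2e19 0x0800 66: 192.0.2.99.4194 > 198.51.100.25.80: S [tcp sum ok] 9000:9000(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 4)
"""

def summarize(text):
    """Return {connection: state}; a connection is its two (ip, port) endpoints, sorted."""
    conns = defaultdict(lambda: {"syn": False, "synack": False,
                                 "fin_from": set(), "payload": defaultdict(int)})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # prompts, blank lines, non-TCP packets
        src, dst = (m["src"], int(m["sport"])), (m["dst"], int(m["dport"]))
        c = conns[tuple(sorted((src, dst)))]
        c["payload"][src] += int(m["plen"])
        if "S" in m["flags"]:
            # a bare SYN opens the connection; a SYN carrying an ack number is the reply
            c["synack" if m["ack"] else "syn"] = True
        if "F" in m["flags"]:
            c["fin_from"].add(src)
    return dict(conns)

def unanswered_syns(text):
    """Connections whose SYN has no SYN-ACK inside the capture window."""
    return sorted(k for k, c in summarize(text).items() if c["syn"] and not c["synack"])

if __name__ == "__main__":
    print(unanswered_syns(SAMPLE))
```

An unanswered SYN here does not by itself prove a drop: the capture may have ended before the reply arrived, or the access-list bound to the capture may not match the return traffic.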
test-Firewall# show memory
Free memory: 16197672 bytes
Used memory: 17356760 bytes
------------- ----------------
Total memory: 33554432 bytes
test-Firewall#
test-Firewall# show cpu usage
CPU utilization for 5 seconds = 0%; 1 minute: 0%; 5 minutes: 0%
Copyright 2003-2004 – Gianrico Fichera –
The material on this page is not sponsored or endorsed by Cisco Systems, Inc. Cisco is a trademark of Cisco Systems, Inc. in the United States and in other countries. The author of this page assumes no responsibility and gives no warranty regarding the accuracy and completeness of the information presented, nor for any consequences of using the information on this page.
The official Cisco website is http://www.cisco.com.
If you wish to use the content of this page in the form in which it is presented, contact the author by writing to gianrico.fichera itesys.it.
The content of this page may be used for educational (non-profit) purposes provided that credit is given to the author.