Snoop Command

Netscreen Firewalls – using the Snoop Utility.

Snoop is a powerful troubleshooting tool that gives the user the ability to view packet information from layer-2 to layer-4 as it comes into and out of the firewall interfaces.

1)  Set the firewall to send snoop output to the debug buffer (it is on by default):

            set console dbuf [Enter]

2)  Create and verify the desired snoop filters:

           snoop <options> [Enter] 

e.g.:

NSFW-> snoop filter ip 172.16.4.2
NSFW-> snoop info

3) Clear the debug buffer:

           clear db [Enter]

    Note: The debug buffer is a circular buffer; once it reaches its size limit, the oldest data is overwritten.

4) Enable snoop:

           snoop [Enter]
Start Snoop, type ESC or ‘snoop off’ to stop, continue? [y]/n y

5) View the contents of the debug buffer:

            get dbuf stream [Enter]

6) After testing, disable snoop:

           snoop off [Enter]

——————————————————————————————————

An example:

NSFW-> snoop                          ***enables snoop***
NSFW-> snoop filter ip 172.16.4.2     ***creates a snoop filter for ip 172.16.4.2***
NSFW-> snoop info                     ***shows snoop info***
NSFW-> clear db                       ***clears the debug buffer***
NSFW-> get db str                     ***shows the debug buffer stream***
