Chapter 13. Network Diagnostic Tools

Table of Contents

13.1. Firewalling check

13.2. Access check

13.3. Packet Dumping

13.3.1. Dump parameters

13.3.2. Security settings required

13.3.3. IP address matching

13.3.4. Packet types

13.3.5. Snaplen specification

13.3.6. Using the web interface

13.3.7. Using an HTTP client

13.3.7.1. Example using curl and tcpdump

Various network diagnostic tools are provided by the FB6000, accessible through either the web user interface or the CLI :-

Packet dump : low level diagnostics to for detailed examination of network traffic passing through the FB6000
Ping : standard ICMP echo request/reply ping mechanism
Traceroute : classical traceroute procedure - ICMP echo request packets with increasing TTL values, soliciting "TTL expired" responses from routers along the path
Access check : check whether a specific IP address is allowed to access the various network services described in Chapter 12
Firewall check : check how the FB6000 would treat specific traffic when deciding whether to establish a new session (as per the processing flow described in ???)

Each tool produces a textual result, and can be accessed via the CLI, where the same result text will be shown.

Caution

The diagnostic tools provided are not a substitute for external penetration testing - they are intended to aid understanding of FB6000 configuration, assist in development of your configuration, and for diagnosing problems with the behaviour of the FB6000 itself.

13.1. Firewalling check

The FB6000 follows a defined processing flow when it comes to deciding whether to establish a new session - see ??? for an overview of session tracking, and its role in implementing firewalling. The processing flow used to decide whether to allow a session i.e. to implement firewalling requirements, is covered in ???.

The firewalling check diagnostic facility allows you to submit the following traffic parameters, and the FB6000 will show how the processing flow procedes given those parameters - at the end of this is a statement of whether the session will be allowed or not :-

Source IP address
Target IP address
Protocol number (1=ICMP, 6=TCP, 17=UDP, 58=ICMPv6)
Target port number (only for protocols using port numbers, e.g. TCP/UDP)
Source port number - OPTIONAL

In the web user interface, this facility is accessed by clicking on "Firewall check" in the "Diagnostics" menu. Once you have filled in the required parameters, and clicked the "Check" button, the FB6000 will produce a textual report of how the processing flow proceded (it may be helpful to also refer to the flow chart shown in ???).

For example, if we submit parameters that describe inbound (i.e. from a WAN connection) traffic that would result from trying to access a service on a host behind the FB6000, we have implemented a 'default drop' policy firewalling method, and we have not explicitly allowed such sessions, we would see :-

Checking rule-set 1 [filters] - No matched rules in rule-set, no-match-action is DROP, no further rule-sets considered
Final action is to DROP the session.


12.5. SNMP configuration		13.2. Access check