Chapter 13. Network Diagnostic Tools

Table of Contents

13.1. Access check
13.2. Packet Dumping
13.2.1. Dump parameters
13.2.2. Security settings required
13.2.3. IP address matching
13.2.4. Packet types
13.2.5. Snaplen specification
13.2.6. Using the web interface
13.2.7. Using an HTTP client
13.2.7.1. Example using curl and tcpdump

Various network diagnostic tools are provided by the FB6000, accessible through either the web user interface or the CLI :-

Each tool produces a textual result, and can be accessed via the CLI, where the same result text will be shown.

Caution

The diagnostic tools provided are not a substitute for external penetration testing - they are intended to aid understanding of FB6000 configuration, assist in development of your configuration, and for diagnosing problems with the behaviour of the FB6000 itself.

13.1. Access check

For each network service implemented by the FB6000 (see Chapter 12), this command shows whether a specific IP address will be able to access or utilise the service, based on any access restrictions configured on the service.

For example, the following shows some service configurations (expressed in XML), and the access check result when checking access for an external address, 1.2.3.4 :-

  <http local-only="false"/>
Web control page access via http:-
This address is allowed access to web control pages subject to
username/password being allowed.
  <telnet allow="admin-ips"
          local-only="false"/>
Telnet access:-
This address is not allowed access due to the allow list on telnet
service.

(in this example, admin-ips is the name of an IP address group that does not include 1.2.3.4)

  <dns local-only="true"/>
DNS resolver access:-
This address is not on a local Ethernet subnet and so not allowed access.