Chapter 11. Network Diagnostic Tools

Table of Contents

11.1. Access check
11.2. Packet Dumping
11.2.1. Dump parameters
11.2.2. Security settings required
11.2.3. IP address matching
11.2.4. Packet types
11.2.5. Snaplen specification
11.2.6. Using the web interface
11.2.7. Using an HTTP client
11.2.7.1. Example using curl and tcpdump

Various network diagnostic tools are provided by the FB9000, accessible through either the web user interface or the CLI :-

Each tool produces a textual result, and can be accessed via the CLI, where the same result text will be shown.

Caution

The diagnostic tools provided are not a substitute for external penetration testing - they are intended to aid understanding of FB9000 configuration, assist in development of your configuration, and for diagnosing problems with the behaviour of the FB9000 itself.

11.1. Access check

For each network service implemented by the FB9000 (see Chapter 10), this command shows whether a specific IP address will be able to access or utilise the service, based on any access restrictions configured on the service.

For example, the following shows some service configurations (expressed in XML), and the access check result when checking access for an external address, 1.2.3.4 :-

  <http local-only="false"/>
Web control page access via http:-
This address is allowed access to web control pages subject to
username/password being allowed.

  <telnet allow="admin-ips"
          local-only="false"/>
Telnet access:-
This address is not allowed access due to the allow list on telnet
service.

(In this example, admin-ips is the name of an IP address group that does not include 1.2.3.4.)

  <dns local-only="true"/>
DNS resolver access:-
This address is not on a local Ethernet subnet and so not allowed access.