Troubleshooting guide
Chapter 2 Troubleshooting Tools FireWall-1 Monitor Command
Advanced Technical Reference Guide 4.1 • June 2000 18
snoop. Where snoop is the only way to obtain information, verify that the Sun patches have been
applied before running snoop.
Files
Filename:                                            Explanation:
$FWDIR/tmp/monitorfilter.pf                          The (copied) INSPECT filter file.
$FWDIR/tmp/monitorfilter.* (.* for .fc, .ft, etc.)   Output files of the compilation. These are removed before the program exits.
Notes
It is extremely important to avoid interfering with the security policy tables, or unexpected behavior may result
(which may include a machine crash).

In the "post machine" inspection points (I and O) packets are "defragmented", which means that the packet data
buffer transferred from the kernel includes data from all IP fragments, but only the IP header of the first
fragment (which indicates the length of the first fragment only). An exception to this is, for example, when
there is no virtual defragmentation (such as when no security policy is loaded on the FireWall).

Any load, fetch or unload of the security policy while fw monitor is running will cause the monitor filter to
be unloaded and the program to exit.
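
The defragmentation note above matters to any tool that sizes a packet from its IP header. The following is an added example, not part of the original guide and not Check Point code: it compares the IPv4 total length field with the size of the buffer actually captured. It assumes the buffer starts at the IPv4 header and carries no link-layer padding; the function names and sample packets are constructed for illustration.

```python
import struct

def inspect_ipv4_buffer(buf: bytes) -> dict:
    """Compare the IPv4 header's total length with the captured buffer size."""
    if len(buf) < 20:
        raise ValueError("buffer shorter than a minimal IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_off = struct.unpack("!BBHHH", buf[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or ihl > len(buf):
        raise ValueError("invalid IPv4 header length")
    if len(buf) > total_len:
        # Consistent with the note: data from all fragments, header of the first only.
        status = "defragmented"
    elif len(buf) < total_len:
        status = "truncated"
    else:
        status = "consistent"
    return {
        "status": status,
        "header_total_len": total_len,
        "buffer_len": len(buf),
        "header_payload_len": total_len - ihl,  # what the header claims
        "payload_len": len(buf) - ihl,          # what the buffer really holds
        "more_fragments": bool(flags_off & 0x2000),
        "fragment_offset": (flags_off & 0x1FFF) * 8,
    }

def build_ipv4(total_len: int, flags_off: int, payload: bytes) -> bytes:
    """Constructed sample: 20-byte IPv4/UDP header (checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_off,
                      64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload

# Constructed samples: an unfragmented packet, and a buffer shaped like the
# post-machine case (first fragment's header, payload of all fragments).
WHOLE = build_ipv4(20 + 100, 0x0000, b"A" * 100)
DEFRAG = build_ipv4(20 + 1480, 0x2000, b"B" * 3000)

if __name__ == "__main__":
    for name, pkt in (("whole", WHOLE), ("post-machine", DEFRAG)):
        print(name, inspect_ipv4_buffer(pkt))
```

A decoder that reads only header_total_len would stop after the first fragment's 1480 bytes in the second sample and silently ignore the remaining payload.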