Technical data
Command Line Reference
Check Point VSX Administration Guide NGX R67 | 184
fw monitor
Description
Captures network packets at multiple points within the VSX
environment. You can only run one instance of this command at a time
on VSX gateway.
This section only presents the syntax relevant for VSX gateways or
clusters.
Syntax
fw monitor [-v vsid]
Parameters
Parameter
Description
[-v vsid]
Specify a gateway or Virtual System by its ID. the
specific Virtual System on which packets should be
captured. The default gives the VSX gateway.
Return Value
0 (zero) indicates that the command executed successfully. Any other
response indicates an error.
Example
fw monitor -v 2 -e 'accept ip_p=6 shows all TCP packets
passing through Virtual System 2.
Output
[member1:0]# fw monitor
monitor: getting filter (from command line)
monitor: compiling
monitorfilter:
Compiled OK.
monitor: loading
monitor: monitoring (control-C to stop)
eth4:o[124]: 192.168.200.171 -> 192.168.200.1 (TCP)
len=124 id=56430
TCP: 22 -> 1794 ...PA. seq=28d95f71 ack=57e454b1
eth4:O[124]: 192.168.200.171 -> 192.168.200.1 (TCP)
len=124 id=56430
TCP: 22 -> 1794 ...PA. seq=28d95f71 ack=57e454b1
eth4:i[40]: 192.168.200.1 -> 192.168.200.171 (TCP)
len=40 id=64876
TCP: 1794 -> 22 ....A. seq=57e454b1 ack=28d95fc5
eth4:I[40]: 192.168.200.1 -> 192.168.200.171 (TCP)
len=40 id=64876
TCP: 1794 -> 22 ....A. seq=57e454b1 ack=28d95fc5
monitor: caught sig 2
monitor: unloading
fw tab
Description
Displays state tables for a specific Virtual System. State tables are
used to store state information that Virtual Systems use to correctly
inspect packets.
Syntax
fw [-vs vsid | vsname] tab [-t table name] [...]