HP-UX IPFilter V17.05 Administrator Guide HP-UX 11i v2 and HP-UX 11i v3

9.3.2.1 Syntax
ipmon -options
9.3.2.2 Options
-a                          Opens and reads data from all available log files. Equivalent to -o NSI.
-o [NSI]                    Specifies which log file to read data from. Valid values are:
                            N—NAT log file
                            S—State log file
                            I—IPFilter log file
-A                          Logs the summary records created for DCA logging.
-r                          Prints the summary records to the summary log file and clears the block count for each limit entry.
-F                          Flushes the packet log buffer. Output displays the number of bytes flushed.
-n                          Maps IP addresses and port numbers to host names and services wherever possible.
-C <ipmon configuration file>
                            Reads rules and actions from the configuration file.
For a complete list of ipmon options and their uses, see the ipmon manpage.
9.3.2.3 Examples
To view the state table as it updates, use the ipmon -o S command.
Example:
# ipmon -o S
01/08/1999 15:58:57.836053 STATE:NEW 100.100.100.1,53 ->20.20.20.15,53 PR udp
01/08/1999 15:58:58.030815 STATE:NEW 20.20.20.15,123 ->128.167.1.69,123 PR udp
01/08/1999 15:59:18.032174 STATE:NEW 20.20.20.15,123 ->128.173.14.71,123 PR udp
01/08/1999 15:59:24.570107 STATE:EXPIRE 100.100.100.1,53 ->20.20.20.15,53 PR udp Pkts 4 Bytes 356
01/08/1999 16:03:51.754867 STATE:NEW 20.20.20.13,1019 ->100.100.100.10,22 PR tcp
01/08/1999 16:04:03.070127 STATE:EXPIRE 20.20.20.13,1019 ->100.100.100.10,22 PR tcp Pkts 63 Bytes 4604
A state entry for an external DNS request to the nameserver is displayed by ipmon. Two xntp
pings to well-known time servers and a short outbound SSH connection are also displayed.
You can also use ipmon to display packets that have been logged.
To view the IPFilter packet log, use the ipmon -o I command.
Example:
# ipmon -o I
15:57:33.803147 lan0 @0:2 b 100.100.100.103,443 -> 20.20.20.10,4923 PR tcp len 20 1488 -A:
The fields in this output are as follows:
Field 1—Time stamp
Field 2—The interface on which the event occurred
Field 3—Rule group number: rule number of the rule used for the packet, in the format
@group_number:rule_number
Field 4—Action; blocked (b) or passed (p) packet
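The two ipmon output formats shown in this section (the ipmon -o S state log and the ipmon -o I packet log) are easy to post-process once their fields are known. The following Python script is an added example, not part of the HP-UX IPFilter guide or the ipmon tool: it parses both formats, pairs each STATE:NEW entry with its STATE:EXPIRE to recover per-session packet, byte and duration figures, and counts blocked packets per @group:rule so a rule that is dropping unexpected traffic stands out. The sample log lines are constructed to match the shapes printed above; the regular expressions, function names and the field layout beyond Field 4 (source, destination, protocol, header length, packet length, TCP flags) are assumptions taken from the example output, not from the ipmon documentation.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample input in the shape of ipmon -o S output (documentation addresses).
STATE_LOG = """\
01/08/1999 15:58:57.836053 STATE:NEW 100.100.100.1,53 ->20.20.20.15,53 PR udp
01/08/1999 15:58:58.030815 STATE:NEW 20.20.20.15,123 ->128.167.1.69,123 PR udp
01/08/1999 15:59:18.032174 STATE:NEW 20.20.20.15,123 ->128.173.14.71,123 PR udp
01/08/1999 15:59:24.570107 STATE:EXPIRE 100.100.100.1,53 ->20.20.20.15,53 PR udp Pkts 4 Bytes 356
01/08/1999 16:03:51.754867 STATE:NEW 20.20.20.13,1019 ->100.100.100.10,22 PR tcp
01/08/1999 16:04:03.070127 STATE:EXPIRE 20.20.20.13,1019 ->100.100.100.10,22 PR tcp Pkts 63 Bytes 4604
"""

# Constructed sample input in the shape of ipmon -o I output: two packets blocked by
# rule @0:2 and one passed by a hypothetical rule @0:5.
PACKET_LOG = """\
15:57:33.803147 lan0 @0:2 b 100.100.100.103,443 -> 20.20.20.10,4923 PR tcp len 20 1488 -A
15:57:34.100211 lan0 @0:5 p 20.20.20.10,4923 -> 100.100.100.103,443 PR tcp len 20 40 -A
15:57:35.220498 lan0 @0:2 b 100.100.100.103,443 -> 20.20.20.10,4923 PR tcp len 20 1488 -A
"""

# Assumed layout: date time STATE:<event> src,sport ->dst,dport PR proto [Pkts n Bytes n]
STATE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d+) "
    r"STATE:(?P<event>NEW|EXPIRE) "
    r"(?P<src>[\d.]+),(?P<sport>\d+)\s*->\s*(?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+)"
    r"(?: Pkts (?P<pkts>\d+) Bytes (?P<bytes>\d+))?\s*$"
)

# Assumed layout (Fields 1-4 as documented, the rest read from the example line):
# time iface @group:rule b|p src[,sport] -> dst[,dport] PR proto len hlen len [flags]
PACKET_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+) (?P<iface>\S+) "
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>[bp]) "
    r"(?P<src>[\d.]+)(?:,(?P<sport>\d+))?\s*->\s*(?P<dst>[\d.]+)(?:,(?P<dport>\d+))? "
    r"PR (?P<proto>\w+) len (?P<hlen>\d+) (?P<len>\d+)(?: (?P<flags>\S+))?\s*$"
)


def parse_state_log(text):
    """Parse ipmon -o S lines into dicts; lines that do not match the layout are skipped."""
    records = []
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["when"] = datetime.strptime(rec["date"] + " " + rec["time"], "%m/%d/%Y %H:%M:%S.%f")
        for key in ("sport", "dport", "pkts", "bytes"):
            rec[key] = int(rec[key]) if rec[key] is not None else None
        records.append(rec)
    return records


def summarize_sessions(records):
    """Pair STATE:NEW with the matching STATE:EXPIRE on the same 5-tuple.

    Returns {(proto, src, sport, dst, dport): {"closed", "pkts", "bytes", "duration"}};
    sessions with no EXPIRE yet are reported as still open.
    """
    sessions = {}
    for rec in records:
        flow = (rec["proto"], rec["src"], rec["sport"], rec["dst"], rec["dport"])
        if rec["event"] == "NEW":
            sessions[flow] = {"opened": rec["when"], "closed": False,
                              "pkts": None, "bytes": None, "duration": None}
        elif flow in sessions:
            s = sessions[flow]
            s["closed"] = True
            s["pkts"], s["bytes"] = rec["pkts"], rec["bytes"]
            s["duration"] = (rec["when"] - s["opened"]).total_seconds()
    return sessions


def parse_packet_log(text):
    """Parse ipmon -o I lines; numeric fields are converted, non-matching lines skipped."""
    packets = []
    for line in text.splitlines():
        m = PACKET_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        for key in ("group", "rule", "hlen", "len"):
            rec[key] = int(rec[key])
        packets.append(rec)
    return packets


def blocked_by_rule(packets):
    """Count blocked packets (Field 4 == 'b') per (group, rule) pair from Field 3."""
    return Counter((p["group"], p["rule"]) for p in packets if p["action"] == "b")


if __name__ == "__main__":
    for flow, s in summarize_sessions(parse_state_log(STATE_LOG)).items():
        state = "closed" if s["closed"] else "open"
        print(f"{flow[0]} {flow[1]}:{flow[2]} -> {flow[3]}:{flow[4]} {state} "
              f"pkts={s['pkts']} bytes={s['bytes']} duration={s['duration']}")
    for rule, n in blocked_by_rule(parse_packet_log(PACKET_LOG)).items():
        print(f"rule @{rule[0]}:{rule[1]} blocked {n} packet(s)")
```

Because the state log prints packet and byte totals only on the EXPIRE record, a session that is still open has no counters; the summary therefore reports it as open rather than guessing. Feed the script real ipmon output (for example, ipmon -o S piped through it) and a long-lived, high-byte session to an unexpected port is immediately visible, as is any rule that blocks far more packets than expected.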
62 Troubleshooting HP-UX IPFilter