You want to track the processing of a packet as ScreenOS processes it and makes decisions on it.
The debug flow basic ScreenOS command shows how a packet is processed in debug mode, beginning with its entry on an interface and continuing through the sequence of processing steps:
Internal_fw-> debug flow basic
...<wait for a few seconds to capture the stream>
Internal_fw-> get dbuf stream
The debug flow basic command provides extensive processing details on a packet, beginning with its entry on an interface through the steps of policy matching and the final forwarding decision.
When a packet enters a ScreenOS gateway, it goes through a sequence of processing steps. For packets that are permitted or tunneled through the gateway, the processing steps culminate in a firewall session table entry being generated and the packet being forwarded out. An incoming packet goes through the following processing steps:
1. Assign the packet a source security zone.
2. Match the packet against any of the screens defined in the ScreenOS configuration to check whether it represents a malicious attack such as a SYN or ICMP flood. If yes, take the screen action on the packet. If the packet passes screen protection without being dropped, proceed to step 3.
3. Match the packet against the session table of existing, active sessions. If a match is found, forward the packet based on the actions defined in the session's state details. If not, ...
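The ordering of steps 1 to 3 can be seen in a small model. This is an added example, not ScreenOS code and not from the original text. The interface and zone names, the addresses, the per-second SYN threshold, the drop action and the verdict strings are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample values: interface/zone names and the threshold are assumptions.
ZONE_OF_INTERFACE = {"ethernet1": "Trust", "ethernet3": "Untrust"}
SYN_THRESHOLD = 3  # SYNs allowed per (zone, destination) in a one-second window


def session_key(pkt):
    return (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["proto"])


class Gateway:
    def __init__(self):
        self.sessions = {}                # session key -> stored forwarding action
        self.syn_seen = defaultdict(int)  # (zone, dst, second) -> SYN count

    def process(self, iface, pkt, now):
        """Return (verdict, trace) for one packet arriving on iface at time now."""
        # Step 1: the ingress interface determines the source security zone.
        zone = ZONE_OF_INTERFACE[iface]
        trace = ["zone=" + zone]
        # Step 2: screens run before any session lookup (simplified SYN-flood check).
        if pkt["proto"] == "tcp" and pkt.get("flags") == "S":
            bucket = (zone, pkt["dst"], int(now))
            self.syn_seen[bucket] += 1
            if self.syn_seen[bucket] > SYN_THRESHOLD:
                return "drop", trace + ["screen=syn-flood"]
        trace.append("screen=pass")
        # Step 3: a session-table hit reuses the action stored with the session.
        action = self.sessions.get(session_key(pkt))
        if action is not None:
            return action, trace + ["session=hit"]
        # A miss continues with the steps that follow step 3 (not modelled here).
        return "no-session", trace + ["session=miss"]


def demo():
    gw = Gateway()
    est = {"src": "10.1.1.5", "sport": 1024, "dst": "192.0.2.10",
           "dport": 80, "proto": "tcp", "flags": "A"}
    gw.sessions[session_key(est)] = "forward"
    syn = {"src": "198.51.100.7", "sport": 4000, "dst": "10.1.1.5",
           "dport": 22, "proto": "tcp", "flags": "S"}
    results = [gw.process("ethernet1", est, 100.0)]
    results += [gw.process("ethernet3", syn, 100.2) for _ in range(4)]
    return results


if __name__ == "__main__":
    for verdict, trace in demo():
        print(verdict, trace)
```

The fourth SYN in the same second is dropped at the screen stage and never reaches the session lookup, which is why a screen drop in a flow trace shows no session or policy activity for that packet.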