You want to capture and view packets as they traverse the ScreenOS gateway.
The snoop command enables packet captures on ScreenOS gateways. It captures packets to the debug buffer:
    Internal_fw-> snoop
    Start Snoop, type ESC or 'snoop off' to stop, continue? [y]/n y
    Internal_fw->
    ...<wait for a few seconds to capture the stream>
    Internal_fw-> snoop off
    Snoop off
    Internal_fw->
The snoop command is similar to tcpdump commands in the Unix world. It captures packets as they traverse the firewall, but unlike debug flow basic, it does not show the processing that the ScreenOS gateway performed on them.
Please note that for high-end, ASIC-based, high-throughput ScreenOS gateways such as the ISG-1000/2000 and the NS5200/5400, the output generated by snoop, just like the debug flow basic output, only displays the initial packets for a given flow until a full session table entry is generated. Once a full session table entry is set up on the high-end platforms, and the subsequent packets for that session flow are processed directly by the ASIC fast-path, snoop does not capture those packets. On the other hand, the snoop output on the lower-end SSG-5 through SSG-500 Series, and the NS-5GT, NS-25/50, NS-200, and NS-500 Series, shows all of the subsequent packets associated with the session flowing through the ScreenOS gateway.
Once the packets have been captured by running the