One thing I learned today on this last topic that I wanted to make sure I stated correctly. In my last post ( http://checkpointfun.blogspot.com/2012/01/packet-debugging-through-firewall.html ), I had a packet pinging through the firewall out into the Internet. What I want to make sure I'm clear on is the meaning of the letters I mentioned before in the fw monitor output (i, I, o, O). Each one is an inspection point, and a single packet passes them in the order i, I, o, O. Knowing which points a packet reached tells you where it stopped, which has been very important in troubleshooting for me so far. So, here is what they mean:
i = "inbound", the packet has just arrived on the interface mentioned in the capture, before inbound inspection
I = "Inbound", the packet has passed inbound inspection and is handed to the OS kernel (routing)
o = "outbound", the packet has left the OS kernel and is about to go through outbound inspection
O = "Outbound", the packet has passed outbound inspection and is leaving the interface mentioned in the capture
So, let's look at the packet capture below, from the start (including the command; the -e filter keeps only packets to or from 29.27.7.2):
fw monitor -e "accept src=29.27.7.2 or dst=29.27.7.2;"
monitor: getting filter (from command line)
monitor: compiling
monitorfilter:
Compiled OK.
monitor: loading
monitor: monitoring (control-C to stop)
External:o[154]: 17.27.14.13 -> 29.27.7.2 (UDP) len=154 id=0 <--------- "o" outgoing from the OS kernel, before outbound inspection
UDP: 48900 -> 1812
External:O[154]: 17.27.14.13 -> 29.27.7.2 (UDP) len=154 id=0 <--------- "O" outgoing from the outside interface, from the IP 17.27.14.13 to 29.27.7.2
UDP: 48900 -> 1812
External:i[207]: 29.27.7.2 -> 17.27.14.13 (UDP) len=207 id=10621 <--------- "i" incoming on the outside interface, from the IP 29.27.7.2 to 17.27.14.13
UDP: 1812 -> 48900
External:I[207]: 29.27.7.2 -> 17.27.14.13 (UDP) len=207 id=10621 <--------- "I" incoming into the OS kernel, after inbound inspection
UDP: 1812 -> 48900
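Notice that because the firewall itself (17.27.14.13) is the source and destination here, the outbound packet only shows o and O, and the reply only shows i and I. A packet transiting the firewall would show i and I on one interface and o and O on another. That is the whole point of the letters: the last one you see tells you where the packet stopped. Below is an added example (my own script, not from the original post and not a Check Point tool) that parses fw monitor output in the format shown above, groups the lines per packet, checks that the points were hit in i, I, o, O order, and reports what the last point implies. The sample input is constructed: the first four records mirror the capture above, the last record is a made-up packet from 203.0.113.9 that is only seen at "i".

```python
import re

# Meaning of the four inspection points fw monitor tags each record with.
INSPECTION_POINTS = {
    "i": "pre-inbound: just arrived on the interface, before inbound inspection",
    "I": "post-inbound: passed inbound inspection, handed to the OS kernel (routing)",
    "o": "pre-outbound: left the OS kernel, before outbound inspection",
    "O": "post-outbound: passed outbound inspection, leaving the interface",
}
# Order in which a single packet passes the points.
POINT_ORDER = "iIoO"

# Constructed sample output (not a capture from the post's firewall). The
# first four records mirror the post's capture; the last one is a made-up
# packet from 203.0.113.9 that is only seen at "i".
SAMPLE = """\
External:o[154]: 17.27.14.13 -> 29.27.7.2 (UDP) len=154 id=0
UDP: 48900 -> 1812
External:O[154]: 17.27.14.13 -> 29.27.7.2 (UDP) len=154 id=0
UDP: 48900 -> 1812
External:i[207]: 29.27.7.2 -> 17.27.14.13 (UDP) len=207 id=10621
UDP: 1812 -> 48900
External:I[207]: 29.27.7.2 -> 17.27.14.13 (UDP) len=207 id=10621
UDP: 1812 -> 48900
External:i[60]: 203.0.113.9 -> 17.27.14.13 (UDP) len=60 id=4242
UDP: 40001 -> 53
"""

# Header line of each fw monitor record, e.g.
#   External:I[207]: 29.27.7.2 -> 17.27.14.13 (UDP) len=207 id=10621
HEADER_RE = re.compile(
    r"^(?P<iface>[^:\s]+):(?P<point>[iIoO])\[(?P<caplen>\d+)\]:\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+\((?P<proto>\w+)\)\s+"
    r"len=(?P<len>\d+)\s+id=(?P<id>\d+)"
)


def parse_monitor(text):
    """Group header lines by packet: key is (src, dst, proto, ip_id), value is
    the ordered list of (interface, point) the packet was seen at. Protocol
    detail lines such as 'UDP: 48900 -> 1812' do not match and are skipped."""
    flows = {}
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if not m:
            continue
        key = (m["src"], m["dst"], m["proto"], int(m["id"]))
        flows.setdefault(key, []).append((m["iface"], m["point"]))
    return flows


def in_expected_order(points):
    """True if each point appears at most once and in i -> I -> o -> O order."""
    idx = [POINT_ORDER.index(p) for _, p in points]
    return all(a < b for a, b in zip(idx, idx[1:]))


def diagnose(points):
    """Classify where the packet stopped, from the last inspection point seen."""
    iface, last = points[-1]
    if last == "O":
        return "forwarded", f"left the firewall via {iface}"
    if last == "o":
        return "outbound-drop", (f"reached outbound inspection on {iface} but never "
                                 f"left: dropped by the outbound chain")
    if last == "I":
        return "kernel", (f"entered the kernel from {iface} and did not come back out: "
                          f"delivered to the firewall itself, or not routed / dropped by the OS")
    return "inbound-drop", (f"seen only on arrival at {iface}: dropped by inbound "
                            f"inspection (policy or another inbound chain module)")


def summarize(text):
    """One dict per packet: the path of points hit, order check and verdict."""
    rows = []
    for (src, dst, proto, ip_id), points in parse_monitor(text).items():
        verdict, detail = diagnose(points)
        rows.append({
            "src": src, "dst": dst, "proto": proto, "id": ip_id,
            "path": "".join(p for _, p in points),
            "ordered": in_expected_order(points),
            "verdict": verdict, "detail": detail,
        })
    return rows


if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(f"{r['src']} -> {r['dst']} {r['proto']} id={r['id']}: path={r['path']} "
              f"ordered={r['ordered']} {r['verdict']}: {r['detail']}")
```

Grouping on the IP id is what keeps the packet (id=0) and its reply (id=10621) apart even though they share the same hosts and ports. One caveat before you call a missing point a drop: on a gateway with SecureXL acceleration, accelerated packets can bypass the points fw monitor hooks, so confirm with fwaccel stat (or temporarily fwaccel off) before concluding the packet never arrived.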
I just wanted to make sure I made clear the meanings of the letters i, I, o, and O, and the order in which a packet hits them. Thanks.