Help with debug commands

  • Guys,

    I’m not familiar with the NS and I need to debug why the NS is blocking traffic from certain hosts in my untrusted LAN to my trusted LAN. From my trusted I can ping all day the problematic hosts in my Untrusted LAN.

    From the problematic hosts I can ping the internal interface of my trusted LAN over the VPN tunnel so it’s routing correctly and the PIX is letting the ping through the VPN tunnel. But I can’t ping other hosts.

    I know it sounds like a policies issue but I don’t see anything logged anywhere.

    Any help?

  • Another way to stop all debug and snoops is to simply hit the ‘esc’ key or by logging out if you're logged in via telnet/ssh.

    If you want to quickly just see what's getting dropped, a better debug is

    debug flow drop

    If you tell us the type of traffic it might help…

  • Global Moderator

    You have to enter the set ff commands before you start the debug with debug flow basic.

  • How do you apply the filter to the debug stream?

  • I will try it out. Thanks for your help!!

  • Hi,

    The way for debugging is:

    • debug flow basic (or you can change, with the Tab key, you will see a list)
    • clear db (to clear the buffer)
    • do what you have to do 🙂
    • undebug all (to stop the debugging)
    • get db st (to display the debug output).

    But if you do only that, you will have a lot of garbage.
    You can create some filters with:

    • set ff dst-ip X.X.X.X (Tab key to see the list of possible filters)
    • get ff (to check your filters)
    • unset ff (to clear filters)

    Hope it will help you