Simple command guide
- fw monitor -m i -e 'accept host(208.44.108.136);'
- fw monitor -e 'accept src=216.12.145.20;'
  packets where source ip = 216.12.145.20
- fw monitor -e 'accept src=216.12.145.20 or dst=216.12.145.20;'
  packets where source or destination ip = 216.12.145.20
- fw monitor -e 'accept port(25);'
  packets where destination or source port = 25
- fw monitor -e 'accept dport=80;'
  packets where destination port = 80
- fw monitor -e 'accept sport>22 and dport>22;'
  packets with source and destination ports greater than 22
- fw monitor -e 'accept ip_len = 1477;'
  packets whose length equals exactly 1477 bytes
- fw monitor -e 'accept icmp_type=ICMP_UNREACH;'
  ICMP packets of Unreachable type
- fw monitor -e 'accept from_net(216.163.137.68,24);'
  packets having source IP in the network 216.163.137.0/24
- fw monitor -e 'accept from_net(216.163.137.68,24) and port(25) and dst=8.8.8.8;'
  packets coming from network 216.163.137.0/24 that are destined to the host 8.8.8.8 and having source or destination port = 25
- fw monitor -m i -x 40,450 -e 'accept port(80);'
  incoming packets before any rules are applied; also display the contents of the packet starting at the 40th byte, 450 bytes in length
- fw monitor -m i -pi -ipopt_strip -e 'accept host(66.240.206.90);'
  incoming packets from/to host 66.240.206.90, insert sniffer before module named ipopt_strip
- fw monitor -D -m i -pi -ipopt_strip -e 'accept host(66.240.206.90);'
  same as above but add debug info