Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 2628 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Filtering dropped packages

bonne
Hi.

What is the appropriate way to package capture dropped packets using tcpdump?

Lets say I want to capture all dropped packages on eth3 to or from 1.2.3.4?

I guess it is something like:

tcpdump -i eth3 host 1.2.3.4

... but as I see, this is only capturing passed packets. How to do the opposite?

Regards, Lars.


This thread was automatically locked due to age.
Parents
  • 0
    So there is no equivalent way to lets say BSD's:

    tcpdump -n -e -ttt -i pflog0 host a.b.c.d

    which will give me a live output of what is blocked and logged reg. host a.b.c.d?

    What would be the smartest approach on Sophos UTM 9 to find which ports are being blocked from or to a given host? I have tried the livelog on the web interface, and honestly I find it to be very complicated to work with.

    Regards, Lars.
Reply
  • 0
    So there is no equivalent way to lets say BSD's:

    tcpdump -n -e -ttt -i pflog0 host a.b.c.d

    which will give me a live output of what is blocked and logged reg. host a.b.c.d?

    What would be the smartest approach on Sophos UTM 9 to find which ports are being blocked from or to a given host? I have tried the livelog on the web interface, and honestly I find it to be very complicated to work with.

    Regards, Lars.
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?