How can I see the session information (interface and ip details) of dropped packets because of ip spoof protection?

Reply
L4 Transporter

How can I see the session information (interface and ip details) of dropped packets because of ip spoof protection?

thanks,

Emma

L4 Transporter

Re: How can I see the session information (interface and ip details) of dropped packets because of ip spoof protection?

Hi Emma,

As well as my knowledge. if you are getting logs, use below command in putty show session all and show session id (.......). if you are not able to find out any thing then try to packet capture.

I hope its help full.

Regards

Satish

L2 Linker

Re: How can I see the session information (interface and ip details) of dropped packets because of ip spoof protection?

It logs as a counter on the interface,  show counter interface ethernet1/1.

For a detailed log you need to make a debug , follow this document Packet Based Troubleshooting - Configuring Packet Captures and Debug Logs

And you get something like that,

Packet received at ingress stage

Packet info: len 78 port 36 interface 269 vsys 1

  wqe index 266614 packet 0x0x8000000419b930e2

Packet decoded dump:

L2:     3c:08:f6:2d:e6:c0->00:1b:17:00:02:24, VLAN 319 (0x8100 0x013f), type 0x0800

IP:     213.4.35.220->176.12.86.33, protocol 1

        version 4, ihl 5, tos 0x00, len 60,

        id 605, frag_off 0x0000, ttl 122, checksum 16214

ICMP:   type 8, code 0, checksum 19796, id 1, seq 7

Flow lookup, key word0 0x1000700100100 word1 0

No active flow found, enqueue to create session

IP:     213.4.35.220->176.12.86.33, protocol 1

        version 4, ihl 5, tos 0x00, len 60,

        id 606, frag_off 0x0000, ttl 122, checksum 16213

ICMP:   type 8, code 0, checksum 19795, id 1, seq 8

Session setup: vsys 1

Packet dropped, IP spoof on interface ethernet1/21.319

Packet dropped, Session setup failed

L4 Transporter

Re: How can I see the session information (interface and ip details) of dropped packets because of ip spoof protection?

Thanks!!

Emma

L2 Linker

Re: How can I see the session information (interface and ip details) of dropped packets because of ip spoof protection?

EmmaF what were you attempting to troubleshoot with the counters?

VP of R&D at indeni
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!