Manualshelf

HP Comware 5 Debug Manual Vol 2

ManualsBrandsHP ManualsNetwork HardwareHP HSR6804 Router Chassis
51525354555657585960
// Firewall found a matching fragment inspection entry 0x9465044 with fragment ID 57687 for the
received fragment.
*Mar 18 14:28:43:746 2006 Sysname FILTER/7/FRAG_PKT: Non-Initial fragment 20.0.0.2 -
20.0.0.3 frag-ID 57687 protocol tcp 44 bytes from interface GigabitEthernet0/1
// Firewall received a non-initial fragment on GigabitEthernet 0/1.
*Mar 18 14:28:43:778 2006 Sysname FILTER/7/FRAG_DELETE: Delete fragments inspection entry
0x9465044 bucket 343 protocol TCP address 20.0.0.2:1055 - 20.0.0.2:1720 frag-ID 57687
// Firewall deleted the fragment inspect entry 0x9465044.
For multi-core device:
# Enable debugging for ICMP packets on the device with firewall enabled.
<Sysname> debugging firewall icmp
*May 31 12:14:17:337 2006 Sysname DPFILTER/7/debug:
Thread 30, the inbound icmp packet is permitted on the interface Ethernet1/1:
(192.168.144.2)->(10.0.144.1), 600 bytes, ACL 3000.
// Firewall allowed an incoming ICMP packet on Ethernet 1/1. ACL 3000 is applied in the inbound
direction of the interface.
# Enable debugging for TCP packets on the device with firewall enabled.
<Sysname> debugging firewall tcp
*May 31 12:17:07:518 2006 Sysname DPFILTER/7/debug:
Thread 29, the inbound tcp packet is permitted on the interface Ethernet1/1: (192.168.144.2
1618)->(10.0.144.1 21), 48 bytes, ACL none.
// Firewall allowed an incoming TCP packets on interface Ethernet 1/1. No ACL is applied in the
inbound direction of the interface.
# Enable debugging for UDP packets on the device with firewall enabled.
<Sysname> debugging firewall udp
*May 31 12:19:39:710 2006 Sysname DPFILTER/7/debug:
Thread 24, the outbound udp packet is denied on the interface Ethernet1/1: (192.168.144.2
1722)->(10.0.144.1 59), 600 bytes, ACL 2000.
// Firewall allowed an outgoing UDP packets on Ethernet 1/1. ACL 2000 is applied in the outbound
direction of the interface.
debugging firewall packet-filter
Use debugging firewall packet-filter to enable debugging for packet filtering.
Use undo debugging firewall packet-filter to disable debugging for packet filtering.
Syntax
debugging firewall packet-filter { tcp | udp | icmp | others | all } [ acl acl-number ]
undo debugging firewall packet-filter { tcp | udp | icmp | others | all }
Default
Debugging for packet filtering is disabled.
Views
User view
51