Re: Showing PIX traffic
comp.security.firewalls archive

From: Walter Roberson <roberson@hushmail.com>
Date: Mon Feb 27 2006 - 07:08:26 CET

In article <OvudnQkdz9BbCJ_ZRVn-rg@comcast.com>,
Jon Doe <jdoe@comcast.net> wrote:
>I've had situations where I'm troubleshooting the pix firewall in terms of
>someone trying to connect from the outside. The problem I have is, I don't
>know of an easy command on the PIX that could tell me the source of a
>certain connection and if the connection is allowed or denied.

There isn't one.

>I know I can use "show access-list" to show hit counts, but what's a command
>I can type to show a destination address (on my side), who's trying to hit
>it (from the outside), and if the traffic was allowed or denied without
>leaving the console?

There isn't one. But you can get 2/3 of that by using 'capture'
with an appropriate ACL.

>This may seem like a basic question... but I'd really appreciate it if
>someone can help me out here. Haven't been able to find anything on the
>internet on that except for syslogs which gives me "too much information"
>(so, ends up being no help at all). I'm using version 6.3(4).

You can use syslog and set all the -other- elements in the ACL
to be marked "log disable". Or you can use syslog and post-filter
the output to search for the destination you are interested in.
Received on Mon May 1 00:53:20 2006
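The post-filtering approach from the reply, as an added example that is not part of the thread: a small Python script that pulls the outside source, the inside destination and the permit/deny verdict out of PIX syslog lines and tallies them per source. The message formats for IDs 106100 (per-ACE "log"), 106023 (ACL deny) and 302013/302015 (built connection) are written as I recall them from the PIX 6.3 syslog reference, and the sample lines are constructed, so check the patterns against your own firewall's output before relying on them.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample syslog in the PIX 6.3 formats as I recall them for
# 106100 (per-ACE "log"), 106023 (ACL deny) and 302013 (built TCP connection).
SAMPLE_SYSLOG = """\
%PIX-6-106100: access-list outside_access_in permitted tcp outside/203.0.113.5(4567) -> inside/192.168.1.10(80) hit-cnt 1 (first hit)
%PIX-6-106100: access-list outside_access_in denied tcp outside/198.51.100.7(52000) -> inside/192.168.1.10(22) hit-cnt 3 (300-second interval)
%PIX-4-106023: Deny tcp src outside:198.51.100.9/33000 dst inside:192.168.1.10/3389 by access-group "outside_access_in"
%PIX-6-302013: Built inbound TCP connection 7001 for outside:203.0.113.5/4567 (203.0.113.5/4567) to inside:192.168.1.10/80 (198.51.100.20/80)
%PIX-6-302013: Built inbound TCP connection 7002 for outside:203.0.113.6/4568 (203.0.113.6/4568) to inside:192.168.1.11/80 (198.51.100.21/80)
"""

ACE_LOG = re.compile(r"106100: access-list \S+ (permitted|denied) (\w+) "
                     r"\S+/([\d.]+)\(\d+\) -> \S+/([\d.]+)\((\d+)\)")
ACL_DENY = re.compile(r"106023: Deny (\w+) src \S+:([\d.]+)/\d+ dst \S+:([\d.]+)/(\d+)")
# The real (pre-NAT) destination is the inside address, i.e. the host "on my side".
BUILT = re.compile(r"30201[35]: Built inbound (TCP|UDP) connection \d+ for "
                   r"\S+:([\d.]+)/\d+ \(\S+\) to \S+:([\d.]+)/(\d+)")

Hit = Tuple[str, str, str, int]  # (source_ip, verdict, protocol, dst_port)


def hits_for_destination(syslog_text: str, dst_ip: str) -> List[Hit]:
    """Extract who hit dst_ip and whether the PIX permitted or denied it."""
    hits: List[Hit] = []
    for line in syslog_text.splitlines():
        m = ACE_LOG.search(line)
        if m:
            verdict, proto, src, dst, port = m.groups()
        elif ACL_DENY.search(line):
            proto, src, dst, port = ACL_DENY.search(line).groups()
            verdict = "denied"
        elif BUILT.search(line):
            proto, src, dst, port = BUILT.search(line).groups()
            verdict = "permitted"  # a built connection has already passed the ACL
        else:
            continue  # some other message ID; carries no verdict we can use
        if dst == dst_ip:
            hits.append((src, verdict, proto.lower(), int(port)))
    return hits


def summarize(hits: List[Hit]) -> Dict[Tuple[str, str], int]:
    """Count hits per (source_ip, verdict): the view the original poster asked for."""
    return dict(Counter((src, verdict) for src, verdict, _, _ in hits))


if __name__ == "__main__":
    for (src, verdict), n in summarize(hits_for_destination(SAMPLE_SYSLOG, "192.168.1.10")).items():
        print(f"{src:16} {verdict:10} {n}")
```

Feed it `show logging` output or the syslog server's file for the real thing; lines for other destinations and unrelated message IDs are skipped, so the noise the poster complained about drops out.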