Traffic Monitoring

To monitor traffic, use the following command:

Admin@nodename> show traffic

Parameter

Description

flows

Displays information about the incoming and outgoing flows. Filtering is available by:

  • source-ip: the source IP address

  • source-port: the source port

  • dest-ip: the destination IP address

  • dest-port: the destination port

  • vlan-tag: the VLAN tag.

  • interface-name: the name of the interface

  • node-name: the node name

  • protocol: the protocol

connections

Displays information about the connections (the protocol and its number, record TTL; source and destination IP addresses, source and destination ports; source and destination IP addresses, source and destination ports expected in the response; session status (UNREPLIED or ASSURED); number of sent and received packets and bytes; source zone; whether this is a session of a known NGFW user; etc.).

Filtering is available by:

  • protocol: the protocol

  • source-ip: the source IP address

  • dest-ip: the destination IP address

  • node-name: the node name

  • expect: display non-established connections. The options are:

    • on

    • off

capture

Displays packet capture.

Filtering by the following parameters is available:

  • destination: the destination IP address

  • destination-port: the destination port

  • ipv4-protocol: the IPv4 protocol number (0-255)

  • interfaces: the name of the interface

  • protocol: select a protocol

  • rule: select an existing rule for packet capture

  • source: the source IP address

  • source-port: the source port

Example traffic monitoring command:

Admin@nodename> show traffic connections node-name utmcore@dineanoulwer dest-ip 192.168.0.100 expect on