Packet Tracing

To perform packet tracing, use the following command:

Admin@nodename> show network trace

It will display information such as the source and destination IP addresses, protocol, UserGate source and destination port names, and source and destination TCP/UDP port numbers. This command is also available in the configuration mode.

To exit the packet tracing mode, press Ctrl+C.

Packet tracing rules are created and configured in the configuration mode at the network level. To create a rule, use the following command:

Admin@nodename# create network trace-rules

Next, specify the following parameters:

Parameter

Description

enabled

Enable or disable the packet tracing rule:

  • on

  • off

name

The name of the rule. If not set, the name is generated automatically as trace_rule_N, where N is the ordinal number of the packet tracing rule being created.

zones-in

The list of traffic source zones.

source-ip-lists

The list of source IP address groups for the packets. For more details on creating IP address groups using the CLI, see the section Configuring IP Addresses.

source-ip-addresses

The list of source IP addresses for the packets.

dest-ip-lists

The list of destination IP address groups for the packets. For more details on creating IP address groups using the CLI, see the section Configuring IP Addresses.

dest-ip-addresses

The list of destination IP addresses for the packets.

services

Service type. For more details, see the Configuring Services section.

Example command to create a rule:

Admin@nodename# create network trace-rules enabled on name "Test trace" source-ip-addresses [ 192.168.0.100 ]

Example command to edit a rule:

Admin@nodename# set network trace-rules <trace-rule-name> Admin@nodename# set network trace-rules "Test trace" services [ "[SYSTEM] Any ICMP" ]

All the parameters listed in the table above can be modified.

To view the existing packet tracing rules:

Admin@nodename# show network trace-rules

To delete a packet tracing rule, use the following command:

Admin@nodename# delete network trace-rules <trace-rule-name>

The values of individual rule parameters can also be deleted. These are available for deletion:

  • zones-in

  • source-ip-lists

  • source-ip-addresses

  • dest-ip-lists

  • dest-ip-addresses

  • services