Ping a Specific Port

Question

Cian

Asked: 2009-08-18 03:22:23 +0800 CST2009-08-18 03:22:23 +0800 CST 2009-08-18 03:22:23 +0800 CST

Checkpoint FW1 logging

772

When I view the logs created for my checkpoint fw1, does it log connections on receiving the syn, or does it wait till the three way handshake completes? If it logs after the syn, is there anyway of telling where the three way handshake has not completed?

2 Answers

Voted

radius · Answer 1 · 2009-08-18T03:28:51+08:00

radius

2009-08-18T03:28:51+08:002009-08-18T03:28:51+08:00

I guess it logs when it receive the SYN, you could easily verify this by just sending a syn with a tool like hping.
If you want to see the three way handshake I would recommand to use fw monitor, there is good pdf about it on checkpoint website.
The quick step is to run something like fw monitor -e 'accept src=1.2.3.4 or dst= 1.2.3.4;'

Edit: Of course, this as to be done in live, so it's not as good as logging...

1

iamfromit · Answer 2 · 2012-12-07T05:05:40+08:00

Best Answer

iamfromit

2012-12-07T05:05:40+08:002012-12-07T05:05:40+08:00

The initial log is queued/initially defined upon SYN_RECV for a standard traffic log without accounting.

With accounting enabled, the accounting log counters are then retained and forwarded to the log module for completion of the log record. A complete accounting log record would include the initial access log + some accounting details of the recorded session or virtual session.

1

Checkpoint FW1 logging

Ping a Specific Port

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What's the command-line utility in Windows to do a reverse DNS look-up?

How to check if a port is blocked on a Windows machine?

What port should I open to allow remote desktop?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?