There is some clarifications required - is your connection also working 'beautifully' or the fw monitor alone is working beautifully? From the description, it seems you are just trying to understand fw monitor and if so, you may like to use no filters to see all the 4 positions:
fw monitor -e "accept;" -o beautiful.out Make sure in this case you run it no more than few seconds as it is now capturing all the traffic. When you view the file, donot filter again by IP or Port if you want to see all 4 postions of a connection However, if your connection you are debugging has problem, why -O does not show is because of some issues with your NAT or such like stuff that we can discuss. hth, raj On 10/21/05, RoNNY <[EMAIL PROTECTED]> wrote: > > Hello everyone. > I'm trying to debug a connection on SPLAT using fw monitor. > > I'm using this command to show all connections between a machine on > our network, and CNN.com: > > fw monitor -e '(([12:4,b]=10.10.0.4 <http://10.10.0.4> , [16:4,b]= > 64.236.24.4 <http://64.236.24.4>) or > ([12:4,b]=64.236.24.4 <http://64.236.24.4> , > [16:4,b]=10.10.0.4<http://10.10.0.4>));' > > cnn.txt > > This works beautifully, with one exception: I can see the packets > going from eth1 (my LAN), and I see both i (before) and I (after). > I then see the packet go to eth0 (Internet interface), but only o > (before), no O (after). > > In other words, I don't see what happens to the packet after it passed my > eth0. > > Any ideas? > > Thanks > > -RoNNY > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= >
